LoginBook a demo
Privacy

Privacy policy.

How TaskWiz collects, uses, discloses and protects the information we receive from our users - including a dedicated section on Google user data accessed via OAuth.

Effective dateJanuary 2026
For our security practices and infrastructure controls, see the Trust & Security page.
1

Introduction

At TaskWiz, we are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect the information we collect from our employees and external customers.

2

Collection of Personal Information

We collect personal information in various ways, including:

  • Information You Provide: We collect personal information when you provide it to us voluntarily, such as when you sign up for our services, make inquiries, or communicate with us.
  • Information We Collect Automatically: When you visit our website or use our services, we may automatically collect information like your IP address, device information, and browsing behaviour through cookies and other tracking technologies.
  • Information from Third Parties: We may collect information from third parties, including business partners, for the purposes described in this Privacy Policy.
3

Use of Personal Information

We may use your personal information for the following purposes:

  • Providing Our Services: To provide, maintain, and improve our services.
  • Communication: To communicate with you, including responding to your inquiries and providing updates about our services.
  • Legal Compliance: To comply with legal obligations and to protect our rights and interests.
  • Marketing: To send you promotional materials, newsletters, and updates related to our services, provided you have consented to receive such communications.
4

Disclosure of Personal Information

We may share your personal information with:

  • Service Providers: Third-party service providers that assist us in delivering our services.
  • Business Partners: Trusted business partners who work with us to provide joint services or promotions.
  • Legal and Regulatory Authorities: To comply with legal obligations or to protect our rights and interests.
5

Google User Data and Limited Use

This section describes how TaskWiz accesses, uses, stores, and shares data from your Google Account when you choose to use our Google Forms integration. It applies in addition to the general data-handling practices described in Sections 2 - 4.

5.1

When This Section Applies

This section applies only when you, as a TaskWiz administrator, voluntarily click "Sign in with Google" within TaskWiz to generate a volunteer registration or survey form in your own Google Account. If you do not use this feature, none of the disclosures in this section apply to you.

5.2

Data Accessed (Google OAuth Scopes)

When you authorise TaskWiz, we request the following Google OAuth scopes - and only these scopes:

https://www.googleapis.com/auth/drive.file
What it allows
Create new files in your Google Drive that were created by TaskWiz, and view/manage only those specific files.
Why we request it
To create the Google Form file in your Drive. We cannot see, list, or access any other files in your Drive.
https://www.googleapis.com/auth/forms.body
What it allows
Create and configure the structure (title, sections, questions) of a Google Form.
Why we request it
To build the questions of the volunteer form (name, email, task preferences, etc.) on your behalf.

We do not request access to your Gmail, Calendar, Contacts, the rest of your Google Drive, or any other Google service. We do not request offline access or refresh tokens.

In addition to the scopes above, the OAuth sign-in flow returns standard profile information (your Google account email and identifier) so we can confirm which account the form will be created in.

5.3

Data Usage

TaskWiz uses the data accessed under these scopes for one purpose only: to create a Google Form in your Google Account that volunteers can use to register for an event.

Specifically, we use the access token you grant - held briefly in memory on our backend during the request - to:

  • Create a new Google Form titled with your event name.
  • Add the questions you have configured in TaskWiz to that form (for example: name, email, phone, task preferences, tags).
  • Return the new form's ID to your browser so you can open the form in Google Forms and distribute it.

We do not:

  • Read or collect any responses submitted to the form. All responses remain entirely within your own Google Account, under your control.
  • Modify, delete, or read any other files in your Google Drive
  • Access any Google data for any purpose other than the one stated above.
  • Use Google user data to develop, improve, or train generalised or non-personalised AI and/or machine-learning models.
  • Use Google user data for advertising purposes.
  • Allow humans to read Google user data, except (a) with your explicit consent for specific data, (b) for security purposes (such as investigating abuse), (c) to comply with applicable law, or (d) where the data has been aggregated and anonymised and is used for internal operations.

Limited Use affirmation. TaskWiz's use and transfer of information received from Google APIs adheres to the https://developers.google.com/terms/api-services-user-data-policy, including the Limited Use requirements.

5.4

Data Sharing

We do not share, sell, transfer, or otherwise disclose any data obtained through Google OAuth scopes to any third party, including but not limited to advertisers, data brokers, analytics providers, or AI/ML model providers.

The only network destination that data obtained under these scopes is sent to is Google's own APIs (googleapis.com), to perform the form-creation operation you requested. No other entity receives this data.

5.5

Data Storage and Protection

  • Access tokens are not persisted: The Google OAuth access token issued to TaskWiz is held only in memory on our backend for the few seconds required to create the form, and is then discarded. It is never written to our database, logs, or any other persistent storage.
  • No refresh tokens: We do not request access_type=offline, so Google does not issue us a refresh token, and we have no ability to act on your Google Account once the form creation request has completed.
  • Encryption in transit: All traffic between your browser, TaskWiz, and Google APIs is encrypted using TLS (HTTPS).
  • Hosting: TaskWiz is hosted on Google Cloud Platform within secure, access-controlled environments. Application credentials (the OAuth client secret used to identify TaskWiz to Google) are stored in Google Cloud Secret Manager and are accessible only to authorised TaskWiz services.
  • Access controls: Access to TaskWiz production systems is limited to authorised engineering personnel and protected by single sign-on with multi-factor authentication.
5.6

Data Retention and Deletion

  • Access tokens: Discarded from memory immediately after the form-creation request completes (typically within seconds). We retain no copy.
  • The Google Form itself: The form is created in your Google Account. It belongs to you, is stored by Google under your account, and TaskWiz does not retain a separate copy of its contents or responses. You can edit, archive, or delete the form at any time from https://forms.google.com or https://drive.google.com.
  • Form responses: Responses are collected by Google and stored in your Google Account. TaskWiz never receives, stores, or processes them.
  • Revoking TaskWiz's access: You can revoke TaskWiz's authorisation to your Google Account at any time by visiting https://myaccount.google.com/permissions and removing TaskWiz.
  • Account: Because we hold no refresh token and do not persist your access token, revoking access immediately and completely terminates any ability for TaskWiz to interact with your Google Account.
  • Deletion requests: You may also request deletion of any TaskWiz side records associated with your account by contacting us at the address in Section 9. We will respond within 30 days.
6

Data Security

We take measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

7

Your Privacy Rights

You have certain rights regarding your personal information, including the right to:

  • Access: Request access to the personal information we hold about you.
  • Correct: Request the correction of inaccuracies in your personal information.
  • Delete: Request the deletion of your personal information.
  • Object: Object to the processing of your personal information under certain circumstances.
  • Portability: Request the transfer of your personal information to another organisation in certain formats.
8

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on our website with the revised effective date.

9

Company Information

TaskWiz is a product of Man on the Moon Pty Ltd.

  • Registered name: Man on the Moon Pty Ltd
  • Trading as: TaskWiz
  • ABN: 88 602 630 419 (ABR and ASIC details)
  • Registered office: PO Box 7219, Warringah Mall, NSW 2100, Australia
10

Contact Information

If you have questions or concerns about our Privacy Policy or your personal information, please contact us at: