Taskyn Privacy Policy

Last updated: 15 April 2026

1. Introduction

Taskyn ("we", "us", "our") provides automation services, including the design and deployment of n8n workflows, to help businesses improve productivity. We take privacy and data protection seriously.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who we are (Data Controller)

For the purposes of UK data protection law, the data controller is:

•        Taskyn, operating from Glasgow, Scotland, United Kingdom

Contact: team@taskyn.co.uk

Taskyn is not currently incorporated as a limited company. Once registered, this section should be updated with the company name, registered address, company number, and ICO registration number.

3. Our role: Controller and Processor

Taskyn acts in two different capacities depending on the data involved:

•        As a data controller: when we collect data about visitors to our website, prospective clients, and our direct business clients (for example, contact details and account information).

•        As a data processor: when we build, host, or operate workflows that process personal data on behalf of our business clients. In these cases, our client is the controller and we process data only on their documented instructions, governed by a Data Processing Agreement (DPA).

If you are an end user whose data is being processed through a Taskyn-built workflow on behalf of one of our clients, please contact that client first. They are the controller of your data.

4. Personal data we collect

4.1 Website visitors and prospective clients

Our website is built on Framer, which sets cookies and may collect technical information by default. Data collected may include:

•        Identity and contact data: name, email address, company name, where you provide them through forms.

•        Technical data: IP address, browser type, device information, operating system.

•        Usage data: pages visited, time on site, referral source.

•        Cookies set by Framer for site performance and analytics.

4.2 Clients (the businesses we serve)

•        Account data: name, email, role, company.

•        Billing data: billing address, VAT number, and payment information (processed by our payment provider; we do not store full card details).

•        Service configuration data: details of the workflows we build for you, including credentials and API keys you provide so we can integrate with your systems.

•        Communications: emails, messages, support tickets, and meeting notes.

4.3 Data processed through workflows (on behalf of clients)

When we operate workflows on behalf of a client, those systems may process personal data belonging to the client's own customers, employees, or contacts. The categories of data depend entirely on the client's use case and may include:

•        Contact details (names, emails, phone numbers)

•        CRM records and sales pipeline data

•        Support tickets and customer communications

•        Documents, files, and other content routed through the workflow

•        Any other personal data the client chooses to route through the workflow

We process this data only on the client's instructions, as set out in the applicable DPA. Workflows commonly integrate with third-party services chosen by the client (such as their CRM, email provider, or storage platform), and data may pass through those services as part of the workflow.

5. How we use personal data and our legal basis

Under UK GDPR, we must have a lawful basis for processing personal data. The bases we rely on are:

•        Contract: to provide the services you have engaged us for, manage your account, and handle billing.

•        Legitimate interests: to operate and improve our website, secure our systems, prevent fraud, send service-related communications, and pursue prospective business relationships where appropriate.

•        Consent: for marketing emails to individuals who are not existing clients, and for non-essential cookies. You can withdraw consent at any time.

•        Legal obligation: to comply with tax, accounting, and regulatory requirements.

6. Sharing personal data: sub-processors

To deliver our services, we share data with carefully selected third parties acting as our sub-processors. These currently include:

•        Workflow infrastructure: n8n Cloud (operated by n8n GmbH) hosts and runs the automation workflows.

•        Website hosting: Framer hosts our website and sets cookies for performance and analytics.

•        Communication and productivity tools: standard business tools (such as email, messaging, and file storage) used to communicate with clients and manage projects.

•        Payment processing: once paid services launch, payments will be handled by a regulated payment processor. Details will be updated here at that point.

A current, detailed list of sub-processors is available on request and forms part of our DPA with clients. We do not sell personal data.

7. International data transfers

Some of our sub-processors are based outside the UK, including in the United States and the European Union. Where we transfer personal data internationally, we rely on safeguards approved under UK GDPR, such as:

•        UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs);

•        Adequacy decisions, where one applies (for example, the UK to US Data Bridge where the recipient is certified, or the UK's adequacy finding for the EEA).

We can provide further information about the specific safeguards in place on request.

8. Data retention

•        Website analytics and cookies: retained for the period set by Framer's default settings (typically up to 14 months).

•        Marketing and prospective client contacts: retained until you unsubscribe or after 24 months of inactivity.

•        Client account and billing records: retained for the duration of the engagement and for 6 years thereafter to meet UK accounting and tax obligations.

•        Workflow data processed on behalf of clients: retained according to the client's instructions in the DPA. On termination of the engagement, data is deleted or returned within 30 days unless a longer period is agreed in writing.

•        Backups: securely overwritten on a rolling 30 to 90 day cycle.

9. Security

We use organisational and technical measures appropriate to the risks of processing, including:

•        Encryption of data in transit (TLS) and, where applicable, at rest;

•        Role-based access controls and the principle of least privilege;

•        Multi-factor authentication on administrative accounts;

•        Secure storage of API keys and credentials in dedicated secret managers;

•        Regular review of sub-processors and access logs;

•        Incident response procedures, including breach notification to the Information Commissioner's Office within 72 hours where required by UK GDPR.

10. Your rights

Under UK GDPR, you have the right to:

•        Access the personal data we hold about you;

•        Request correction of inaccurate or incomplete data;

•        Request erasure of your data (the "right to be forgotten"), subject to legal exceptions;

•        Restrict or object to certain processing, including direct marketing;

•        Request data portability;

•        Withdraw consent at any time, where processing is based on consent;

•        Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us at team@taskyn.co.uk. We will respond within one month.

If your data is processed by Taskyn on behalf of one of our business clients, you should normally direct your request to that client. We will support them in responding.

11. Cookies

Our website is built on Framer, which sets cookies for site functionality and analytics. Strictly necessary cookies are used to make the site work. Non-essential cookies (for analytics and, where applicable, marketing) are only used with your consent where required. You can manage your preferences through any cookie banner shown on the site or through your browser settings.

You should confirm what Framer is actually setting on your live site and add a cookie banner if non-essential cookies are in use. This is a legal requirement under PECR in the UK.

12. Children

Our services are not directed at children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Significant changes will be communicated to clients directly.

14. Contact us

Questions, concerns, or requests about this Privacy Policy or your personal data:

Email: team@taskyn.co.uk

Location: Glasgow, Scotland, United Kingdom