Privacy Policy

Last updated:: 2026-04-22
Effective:: 2026-04-22

This Privacy Policy explains how KhanX Labs Private Limited (“Atlas Task Manager”, “we”, “us”, “our”) collects, uses, shares, and protects personal information when you use the Atlas Task Manager websites, mobile applications, APIs, and related services (the “Service”).

1. Who we are

The data controller for the Service is KhanX Labs Private Limited, registered at the following address:

KhanX Labs Private Limited 3rd Floor, Business Hub Tower, Andheri East, Mumbai, Maharashtra 400069, India

The Service is operated at https://atlas.wrxstack.com and associated subdomains.

Our Data Protection Officer can be reached at dpo@khanxlabs.com. For privacy requests, write to privacy@wrxstack.com.

Our EU representative (GDPR Art. 27) is:

KhanX Labs EU Representative 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom Email: eu-rep@wrxstack.com

Our UK representative (UK GDPR Art. 27) is:

KhanX Labs UK Representative 128 City Road, London, EC1V 2NX, United Kingdom Email: uk-rep@wrxstack.com

2. Scope

This policy applies to personal information processed in connection with the Service. It does not apply to third-party websites, applications, or integrations that we do not operate, even if you reach them from within the Service.

When an organization (for example, your employer) provisions Atlas Task Manager for you, that organization is typically the data controller for your workspace data; we act as a data processor on its behalf. In that case, the organization's privacy practices also apply.

3. Information we collect

3.1 Account & profile data

When you register, we collect your name, email address, password hash (we never store plaintext passwords), time zone, language preference, and optional profile image. If you sign in through a third-party identity provider (Google, Microsoft, or GitHub), we receive the profile information that provider returns, typically your name, email, and provider user id.

3.2 Workspace & content data

We store the content you create in the Service: tasks, projects, labels, comments, attachments, workspaces, and related metadata. We process this content to operate the Service for you.

3.3 Usage, device, and log data

We collect diagnostic data that is generated automatically when you use the Service, including IP address, browser type and version, operating system, device identifiers, referring and exit URLs, actions taken within the Service, timestamps, and crash traces.

3.4 Cookies and similar technologies

We use cookies and local storage for authentication, security, and (if you consent) analytics. See our Cookie Policy.

3.5 Third-party OAuth & calendar data

If you connect a Google or Microsoft account for calendar sync, we request only the OAuth scopes needed to display and write calendar events on your behalf. See Google API Disclosure for our Google-specific handling.

3.6 Payment data

If the Service offers paid plans, billing is handled by a PCI-compliant processor identified in our Sub-processors list. We do not store full card numbers; we keep limited data such as plan, last four digits, and billing contact.

3.7 Communications

If you contact support, we retain the correspondence to resolve and audit the request.

4. How we use information

Provide the Service: authenticate you, sync data, render tasks, send calendar events, deliver AI responses you requested.
Service improvement: diagnose bugs, monitor performance, understand feature usage in aggregate.
Security & fraud prevention: detect abuse, protect accounts, enforce our AUP.
Communications: transactional email (password resets, invites, billing receipts) and, with consent where required, product announcements.
Legal & compliance: comply with law, respond to lawful requests, enforce our Terms.

We do not sell personal information. We do not use your content (including your Google user data) to train generalized AI or machine-learning models.

5. Legal bases for processing (GDPR / UK GDPR)

Purpose	Legal basis (Art. 6)
Providing the Service you requested	Contract (Art. 6(1)(b))
Keeping accounts secure, fraud prevention	Legitimate interests (Art. 6(1)(f))
Analytics cookies, marketing email	Consent (Art. 6(1)(a))
Billing, tax, and accounting records	Legal obligation (Art. 6(1)(c))
Enforcing our Terms and defending legal claims	Legitimate interests (Art. 6(1)(f))

You can withdraw consent at any time; withdrawal does not affect processing already carried out.

6. AI features and Anthropic

Some features of the Service use third-party large language models (specifically Anthropic's Claude API). When you invoke an AI feature (for example, summarizing a project or generating a stand-up), the relevant prompt and content may be transmitted to Anthropic for processing.

Our contract with Anthropic provides that this content is not used to train Anthropic's models. Anthropic processes the input solely to generate the requested output. See our Sub-processors list for details.

7. Google user data

If you connect a Google account, our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. A complete disclosure is available at /legal/google-api-disclosure.

9. International data transfers

The Service is operated from the United States and other regions where our sub-processors are located. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on one or more of the following transfer mechanisms:

European Commission Standard Contractual Clauses (SCCs, 2021 modules).
UK International Data Transfer Agreement (IDTA) or UK Addendum to the SCCs.
Swiss Federal Data Protection and Information Commissioner SCC variant.
EU-US Data Privacy Framework (DPF), UK Extension, and Swiss-US DPF, where the importer is certified.
Adequacy decisions of the European Commission, where applicable.

You may request a copy of the safeguards we rely on by writing to dpo@khanxlabs.com.

10. Data retention

Category	Retention
Account and profile data	Until account deletion + 30 days (backups: up to 90 days).
Workspace content (tasks, projects, etc.)	Retained while the workspace exists, then 30 days after deletion.
Access logs and security events	12 months (rolling).
Billing and tax records	As required by law (typically 7 years).
Support communications	24 months after last interaction.
Marketing opt-out records	Indefinitely, to honor your preference.

When you delete your account, we delete or anonymize personal data on the schedule above, except data we must retain to comply with law, resolve disputes, or enforce agreements.

11. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, or alteration. See our Security & Responsible Disclosure page for an overview.

12. Your rights (EEA / UK)

If you are in the EEA, UK, or Switzerland, you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request erasure (“right to be forgotten”).
Restrict or object to certain processing.
Receive your data in a portable format.
Not be subject to decisions based solely on automated processing with legal or similarly significant effects.
Lodge a complaint with your local supervisory authority. You can find yours at edpb.europa.eu.

To exercise any of these rights, email privacy@wrxstack.com. We will respond within 30 days (extendable by 60 days for complex requests, as permitted by GDPR Art. 12(3)).

13. California (CCPA/CPRA) rights

If you are a California resident, you have the right to:

Know the categories and specific pieces of personal information we collect, use, disclose, and (if applicable) sell or share.
Delete personal information we collected from you, subject to statutory exceptions.
Correct inaccurate personal information.
Opt out of “sale” or “sharing” of personal information (we do not sell or share, as those terms are defined under CPRA).
Limit the use of sensitive personal information.
Be free from discrimination for exercising your rights.

You may also designate an authorized agent to act on your behalf. We verify requests by matching the requester to an authenticated account and, where necessary, a signed declaration. Submit requests to privacy@wrxstack.com.

We do not have actual knowledge of selling or sharing the personal information of consumers under 16 years of age.

14. Brazil (LGPD) rights

If you are in Brazil, you have the rights provided by the Lei Geral de Proteção de Dados (Law 13.709/2018), including confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, and the right to revoke consent. Contact dpo@khanxlabs.com to exercise these rights.

15. Children

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children below that age. If you believe a child has provided us with personal information, contact privacy@wrxstack.com and we will delete it.

16. Cookies

See our Cookie Policy for the cookies we use and how to manage them.

17. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or an in-product notice before the change takes effect. The “Last updated” date at the top of this page always reflects the most recent revision.

18. Contact us

Questions? Reach us at hello@wrxstack.com or by mail at:

KhanX Labs Private Limited KhanX Labs Private Limited 3rd Floor, Business Hub Tower, Andheri East, Mumbai, Maharashtra 400069, India

Privacy Policy

Last updated:: 2026-04-22
Effective:: 2026-04-22

1. Who we are

The data controller for the Service is KhanX Labs Private Limited, registered at the following address:

KhanX Labs Private Limited 3rd Floor, Business Hub Tower, Andheri East, Mumbai, Maharashtra 400069, India

The Service is operated at https://atlas.wrxstack.com and associated subdomains.

Our Data Protection Officer can be reached at dpo@khanxlabs.com. For privacy requests, write to privacy@wrxstack.com.

Our EU representative (GDPR Art. 27) is:

KhanX Labs EU Representative 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom Email: eu-rep@wrxstack.com

Our UK representative (UK GDPR Art. 27) is:

KhanX Labs UK Representative 128 City Road, London, EC1V 2NX, United Kingdom Email: uk-rep@wrxstack.com

2. Scope

3. Information we collect

3.1 Account & profile data

3.2 Workspace & content data

We store the content you create in the Service: tasks, projects, labels, comments, attachments, workspaces, and related metadata. We process this content to operate the Service for you.

3.3 Usage, device, and log data

3.4 Cookies and similar technologies

We use cookies and local storage for authentication, security, and (if you consent) analytics. See our Cookie Policy.

3.5 Third-party OAuth & calendar data

3.6 Payment data

3.7 Communications

If you contact support, we retain the correspondence to resolve and audit the request.

4. How we use information

Provide the Service: authenticate you, sync data, render tasks, send calendar events, deliver AI responses you requested.
Service improvement: diagnose bugs, monitor performance, understand feature usage in aggregate.
Security & fraud prevention: detect abuse, protect accounts, enforce our AUP.
Communications: transactional email (password resets, invites, billing receipts) and, with consent where required, product announcements.
Legal & compliance: comply with law, respond to lawful requests, enforce our Terms.

We do not sell personal information. We do not use your content (including your Google user data) to train generalized AI or machine-learning models.

5. Legal bases for processing (GDPR / UK GDPR)

Purpose	Legal basis (Art. 6)
Providing the Service you requested	Contract (Art. 6(1)(b))
Keeping accounts secure, fraud prevention	Legitimate interests (Art. 6(1)(f))
Analytics cookies, marketing email	Consent (Art. 6(1)(a))
Billing, tax, and accounting records	Legal obligation (Art. 6(1)(c))
Enforcing our Terms and defending legal claims	Legitimate interests (Art. 6(1)(f))

You can withdraw consent at any time; withdrawal does not affect processing already carried out.

6. AI features and Anthropic

7. Google user data

9. International data transfers

European Commission Standard Contractual Clauses (SCCs, 2021 modules).
UK International Data Transfer Agreement (IDTA) or UK Addendum to the SCCs.
Swiss Federal Data Protection and Information Commissioner SCC variant.
EU-US Data Privacy Framework (DPF), UK Extension, and Swiss-US DPF, where the importer is certified.
Adequacy decisions of the European Commission, where applicable.

You may request a copy of the safeguards we rely on by writing to dpo@khanxlabs.com.

10. Data retention

Category	Retention
Account and profile data	Until account deletion + 30 days (backups: up to 90 days).
Workspace content (tasks, projects, etc.)	Retained while the workspace exists, then 30 days after deletion.
Access logs and security events	12 months (rolling).
Billing and tax records	As required by law (typically 7 years).
Support communications	24 months after last interaction.
Marketing opt-out records	Indefinitely, to honor your preference.

When you delete your account, we delete or anonymize personal data on the schedule above, except data we must retain to comply with law, resolve disputes, or enforce agreements.

11. Security

12. Your rights (EEA / UK)

If you are in the EEA, UK, or Switzerland, you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request erasure (“right to be forgotten”).
Restrict or object to certain processing.
Receive your data in a portable format.
Not be subject to decisions based solely on automated processing with legal or similarly significant effects.
Lodge a complaint with your local supervisory authority. You can find yours at edpb.europa.eu.

To exercise any of these rights, email privacy@wrxstack.com. We will respond within 30 days (extendable by 60 days for complex requests, as permitted by GDPR Art. 12(3)).

13. California (CCPA/CPRA) rights

If you are a California resident, you have the right to:

Know the categories and specific pieces of personal information we collect, use, disclose, and (if applicable) sell or share.
Delete personal information we collected from you, subject to statutory exceptions.
Correct inaccurate personal information.
Opt out of “sale” or “sharing” of personal information (we do not sell or share, as those terms are defined under CPRA).
Limit the use of sensitive personal information.
Be free from discrimination for exercising your rights.

We do not have actual knowledge of selling or sharing the personal information of consumers under 16 years of age.

14. Brazil (LGPD) rights

15. Children

16. Cookies

See our Cookie Policy for the cookies we use and how to manage them.

17. Changes to this policy

18. Contact us

Questions? Reach us at hello@wrxstack.com or by mail at:

KhanX Labs Private Limited KhanX Labs Private Limited 3rd Floor, Business Hub Tower, Andheri East, Mumbai, Maharashtra 400069, India

1. Who we are

2. Scope

3. Information we collect

3.1 Account & profile data

3.2 Workspace & content data

3.3 Usage, device, and log data

3.4 Cookies and similar technologies

3.5 Third-party OAuth & calendar data

3.6 Payment data

3.7 Communications

4. How we use information

5. Legal bases for processing (GDPR / UK GDPR)

6. AI features and Anthropic

7. Google user data

8. How we share information

9. International data transfers

10. Data retention

11. Security

12. Your rights (EEA / UK)

13. California (CCPA/CPRA) rights

14. Brazil (LGPD) rights

15. Children

16. Cookies

17. Changes to this policy

18. Contact us

1. Who we are

2. Scope

3. Information we collect

3.1 Account & profile data

3.2 Workspace & content data

3.3 Usage, device, and log data

3.4 Cookies and similar technologies

3.5 Third-party OAuth & calendar data

3.6 Payment data

3.7 Communications

4. How we use information

5. Legal bases for processing (GDPR / UK GDPR)

6. AI features and Anthropic

7. Google user data

8. How we share information

9. International data transfers

10. Data retention

11. Security

12. Your rights (EEA / UK)

13. California (CCPA/CPRA) rights

14. Brazil (LGPD) rights

15. Children

16. Cookies

17. Changes to this policy

18. Contact us