Privacy Policy

Effective date: April 10, 2026. Last updated: May 6, 2026.

Who We Are

TaskHawk Systems, LLC ("TaskHawk," "we," "us," or "our") operates the Kevros runtime enforcement platform and the website at taskhawktech.com. TaskHawk Systems is headquartered in Charlottesville, Virginia, United States.

Information We Collect

We collect the following categories of information:

  • Contact information: name, email address, and organization name when you submit a contact form, sign up for an API key, or communicate with us.
  • Account and API credentials: API keys, operator identifiers, and authentication tokens issued to your account. Credentials are stored in hashed or encrypted form and are never logged in plaintext.
  • API usage and enforcement decision data: API call metadata (endpoint, timestamp, response code, latency) associated with your API key. Each enforcement decision (ALLOW, CONSTRAIN, or DENY) is recorded in the hash-chained provenance ledger along with the policy inputs, decision outcome, and cryptographic signature. This is a core function of the Service, not incidental data collection, and is required to provide quantum-resistant tamper-evident audit capability.
  • Automated system session metadata: when AI agents, services, or workflows submit enforcement attestation requests, the Service records the requesting system identifier, policy scope, timestamp, and decision result. Payload content (e.g., model inputs or outputs) is not stored by TaskHawk unless explicitly included in the enforcement request by the operator.
  • Payment information: billing details processed by our payment processors. We do not store credit card numbers or full payment credentials directly. See the Payment Services Disclosure section below for full detail on all payment methods and how each is handled.
  • Technical data: IP address, browser type, and operating system collected automatically through standard web server logs when you access the website or API.

How We Use Your Information

  • To provide, operate, and maintain the Kevros Runtime Enforcement Gateway and associated APIs.
  • To process enforcement attestation requests and enforce policies on your behalf.
  • To generate and maintain the hash-chained provenance ledger (a core product function required for auditability and compliance).
  • To process payments and manage subscriptions through secure payment processors.
  • To communicate with you about your account, service updates, or security notices.
  • To support AI risk management functions as described in the Runtime Enforcement Data Processing section below.
  • To comply with legal obligations.

Runtime Enforcement Data Processing

The Kevros Runtime Enforcement Gateway supports AI risk management programs. The following describes how data flows through the runtime enforcement pipeline in alignment with the NIST AI Risk Management Framework (NIST AI RMF) functions:

  • GOVERN: Policies are configured by the operator (you) before the Service processes any automated system requests. Policy parameters (bounds, permission scopes, allowed operations) are operator-controlled and stored in your deployment environment. TaskHawk does not access or modify your policy configuration without your authorization.
  • MAP: Each enforcement attestation request includes contextual data you supply: the requesting system's identity, the proposed action, and relevant telemetry. The Service maps this input against your configured policy to determine the appropriate decision (ALLOW, CONSTRAIN, or DENY). No external data sources are introduced by TaskHawk during this mapping step.
  • MEASURE: Every enforcement decision is logged in the append-only, hash-chained provenance ledger with a cryptographic signature. This ledger constitutes the evidence record for AI risk measurement and audit. The ledger is tamper-evident: any modification invalidates the hash chain.
  • MANAGE: The Service operates on a fail-closed model. If an enforcement decision cannot be made (e.g., policy ambiguity or system failure), the Service issues a DENY decision rather than defaulting to ALLOW. Risk management decisions are recorded in the provenance ledger for subsequent review.

The runtime enforcement pipeline does not make decisions about individuals based on automated profiling. Enforcement decisions apply to system actions, not to individual persons, and are based solely on the policy parameters you configure.

Payment Services Disclosure

The following payment methods are used to process subscriptions and API access fees. All payment collection occurs exclusively through secure, purpose-built payment interfaces; no financial transaction data is collected or transmitted through any AI agent, software automation, chatbot, bot, or runtime enforcement API call. The Kevros Runtime Enforcement Gateway API does not process, store, or transmit payment card data.

  • Hosted checkout and invoicing: Standard subscription billing is processed through secure hosted checkout or invoice paths. We do not store credit card numbers or full payment credentials.
  • Cloud marketplace billing: Subscriptions purchased through a supported cloud marketplace are billed and managed by the applicable marketplace provider through the customer's marketplace account. TaskHawk receives only subscription status, plan, or entitlement identifiers; no payment card or banking data is shared with TaskHawk.
  • Programmatic billing channels: Approved programmatic billing channels may be made available for developer API access. These channels are separate from the Kevros enforcement decision pipeline and are not available through the website checkout flow.

Payments may not be made through the Service for goods or services that violate applicable law, platform policies, or TaskHawk's Terms of Service.

Marketplace Deployments

When the Kevros Runtime Enforcement Gateway is deployed through a supported cloud marketplace or private deployment channel, the following additional terms apply:

  • Customer cloud deployment: The software runs in the customer's cloud subscription or account according to the deployment model selected during procurement. Your operational data (telemetry, enforcement decisions, provenance records) remains within that customer-controlled environment unless your deployment documentation states otherwise.
  • Publisher access: Publisher access, if any, is scoped to software updates, incident response, and health monitoring as described below. TaskHawk does not use publisher access to inspect customer operational data.

Publisher Access for Managed Customer Deployments

For managed customer deployments, TaskHawk may retain scoped publisher or operator access for the following purposes only:

  • Software updates: deploying new container image versions.
  • Incident response: diagnosing deployment failures when you contact support.
  • Health monitoring: verifying container health status for SLA compliance.

This access does not grant TaskHawk the ability to read your operational data, provenance records, or business information. Publisher access is governed by the deployment-specific authorization model and is auditable through the customer's cloud logs.

Data Retention

API usage metadata and provenance records are retained for the duration of your subscription plus 90 days, or as required by applicable law or contractual obligations. Contact information is retained until you request deletion. Payment records are retained as required by tax and financial regulations. For marketplace deployments, data stored within your own cloud subscription is subject to your own retention and deletion policies.

Data Sharing

We do not sell your personal information. We share data only with:

  • Payment processors and marketplace providers: Payment processors and supported marketplace providers receive billing information necessary to process subscriptions. No operational or enforcement data is shared with payment processors.
  • Cloud infrastructure providers: Cloud infrastructure providers receive the information necessary to host and operate the selected deployment model. Data is processed subject to the applicable data protection agreements.
  • Legal requirements: when required by law, subpoena, or government request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected users.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal information.
  • Object to or restrict certain processing activities.
  • Receive your data in a structured format (data portability).
  • Opt out of the sale of personal information (we do not sell personal information).

To exercise any of these rights, contact us at governance@taskhawktech.com.

Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest (AES-256), access controls, and audit logging. Marketplace deployments keep customer operational data inside the customer's selected cloud environment, and customer runtime data planes are designed to use private endpoints and scoped access. The Kevros runtime enforcement pipeline uses cryptographic HMAC signatures and an append-only, hash-chained provenance ledger to ensure the integrity of all enforcement decisions. For details, see our Platform page.

International Transfers

Our services are hosted in the United States, and your information may be processed in customer-selected or TaskHawk-selected cloud regions depending on your deployment selection. By using our services, you consent to the transfer of your information to the United States. For EU/EEA users, transfers are conducted under Standard Contractual Clauses or other approved mechanisms.

GDPR (EU/EEA Users)

For customers subject to the EU General Data Protection Regulation (GDPR):

  • Data controller: You are the data controller for all data within your own customer-controlled cloud subscription or account.
  • Data processor: For SaaS API usage, TaskHawk acts as a data processor for enforcement decision metadata on your behalf.
  • Legal basis: Contract performance (providing the Service) and legitimate interest (software quality and security) for diagnostic telemetry.
  • Data subject rights: Contact governance@taskhawktech.com to exercise rights regarding any data processed by TaskHawk.

CCPA (California Residents)

  • TaskHawk does not sell personal information.
  • TaskHawk does not share personal information for cross-context behavioral advertising.
  • California residents may contact us at governance@taskhawktech.com to exercise rights under the CCPA.

Children

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our website. Continued use of the service after changes constitutes acceptance.

Contact

For privacy-related inquiries:
TaskHawk Systems, LLC
Charlottesville, VA
governance@taskhawktech.com