Privacy Policy

Auto Task Lab an assumed name of OnePillar Holdings LLC. PRIVACY POLICY Effective Date: February 12 2026

This Privacy Policy describes how Auto Task Lab ("Company," "we," "us," or "our") collects, uses, and discloses your Personal Data. The Company is an assumed name under which OnePillar Holdings LLC, a single-member limited liability company, conducts business. For any inquiries, please contact our data controller at: hello@autotasklab.com

Scope and Applicability

This Privacy Policy applies to all Personal Data processed by us in connection with the services, products, websites, applications, and other platforms we offer (collectively, the "Services"). It covers Personal Data collected from our customers, prospective customers, employees, contractors, vendors, and visitors to our digital and physical properties. This Policy is applicable within [Applicable Jurisdictions] and is intended to comply with the relevant data protection laws therein. It does not apply to third-party websites, services, or applications that may be linked to or from our Services.

Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

  • "Personal Data" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes identifiers such as a name, an identification number, location data, and an online identifier. The term aligns with concepts such as "personal information" found in statutes like the Tennessee Consumer Protection Act.
  • "Sensitive Personal Data" means Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation. Under Tennessee law, processing of sensitive data concerning a consumer requires consent.
  • "Process" or "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • "Controller" means the natural or legal person which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. For the purposes of this Policy, [Portfolio Company Name], as an assumed name of OnePillar Holdings LLC, is the Controller.
  • "Processor" means a natural or legal person which processes Personal Data on behalf of the Controller.
  • "Services" refers to the products, services, websites, and applications offered by the Company.
  • "You" or "Your" refers to the individual whose Personal Data is being processed.
  • "We," "Us," or "Our" refers to [Portfolio Company Name].
  • "Assumed Name" or "DBA" refers to a "doing business as" name, which for the purposes of this policy is Auto Task Lab, an entity through which OnePillar Holdings LLC operates.

Categories of Personal Data Collected

We limit the collection of Personal Data to what is adequate, relevant, and reasonably necessary for the purposes for which it is processed. We collect and process the following categories of Personal Data:

  • Identifiers: This includes names, postal addresses, email addresses, phone numbers, unique personal identifiers, online identifiers, and Internet Protocol (IP) addresses. Tennessee law defines "personal information" to include a name in combination with elements like a social security number or driver's license number.
  • Contact Information: This includes your mailing address, email address, and telephone number.
  • Financial and Payment Data: This includes bank account information, credit or debit card numbers, and other information necessary to process payments and prevent fraud.
  • Employment-Related Information: For employees, contractors, and job applicants, this includes resume details, employment history, professional qualifications, background check information, and other data necessary for recruitment, human resources management, and payroll.
  • Transactional Data: This includes information about your transactions with us, such as details about products and services you have purchased, payment history, and order details.
  • Technical and Device Information: This includes information about the device you use to access our Services, such as hardware model, operating system, browser type, and device identifiers.
  • Usage Data: This includes information about how you use our Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Services.
  • Communications Data: This includes the content of your communications with us, whether through email, social media, telephone, or other channels.
  • Demographic Information: This includes information such as your age, gender, and country, which may be collected for statistical or marketing purposes.
  • Sensitive Personal Data: We only collect Sensitive Personal Data, such as biometric data, where it is strictly necessary and with your explicit consent or as otherwise permitted by law. For example, collection of individual student biometric data requires written consent from parents or the student if they are over 18.

How Personal Data Is Collected

We collect Personal Data through various methods, depending on the nature of our interaction with you. These methods include:

  • Directly from You: We collect Personal Data that you provide to us directly. This occurs when you create an account, purchase our Services, fill out forms on our website, communicate with our customer support, or otherwise voluntarily provide information.
  • Automatically Through Your Use of Our Services: When you interact with our websites, applications, or other digital Services, we automatically collect certain Technical, Device, and Usage Data. This information helps us understand user behavior and improve our Services.
  • From Third-Party Sources: We may receive Personal Data about you from third parties, such as our business partners, data brokers, analytics providers, and payment processors. We may also collect information from social media platforms if you interact with our social media pages or use social media credentials to log into our Services.
  • From Publicly Available Sources: We may collect Personal Data from publicly accessible sources, such as government records, professional directories, and other public databases.
  • Through Cookies and Other Tracking Technologies: We use cookies, web beacons, pixel tags, and similar technologies to collect information automatically from your browser or device. These technologies help us personalize your experience, analyze trends, and administer our Services. Further details are provided in the "Cookies and Tracking Technologies" section of this Policy.

Purposes for Processing and Legal Bases

We process your Personal Data only for specified, explicit, and legitimate purposes. We will not process your Personal Data for purposes that are beyond what is reasonably necessary and compatible with the disclosed purposes, unless we obtain your consent. Our primary purposes for processing Personal Data, along with the legal bases we rely upon, are as follows:

  • To Provide and Manage Our Services: We process your Personal Data to fulfill our contractual obligations to you, including creating your account, processing your orders, and delivering the products or services you have requested.
  • Legal Basis: Performance of a Contract.
  • To Process Payments: We use your Financial and Payment Data to process transactions for the Services you purchase.
  • Legal Basis: Performance of a Contract.
  • To Communicate with You: We use your contact information to respond to your inquiries, send you administrative information (such as updates to our terms or policies), and provide customer support.
  • Legal Basis: Legitimate Interest; Performance of a Contract.
  • For Marketing and Advertising: We may use your Personal Data to send you marketing communications about our Services, promotions, and events that may be of interest to you. You may opt out of these communications at any time.
  • Legal Basis: Consent; Legitimate Interest.
  • For Analytics and Service Improvement: We analyze Usage and Technical Data to understand how our Services are used, diagnose technical issues, and develop new features and offerings.
  • Legal Basis: Legitimate Interest.
  • For Security and Fraud Prevention: We process Personal Data to protect our Services, our customers, and our business from fraud, cyberattacks, and other malicious activities.
  • Legal Basis: Legitimate Interest; Legal Obligation.
  • To Comply with Legal Obligations: We may process your Personal Data to comply with applicable laws, regulations, court orders, or other legal processes, such as responding to subpoenas or government requests.
  • Legal Basis: Legal Obligation.
  • For Human Resources and Employment Management: We process the Personal Data of our employees, contractors, and job applicants for recruitment, payroll, benefits administration, performance management, and other internal HR functions.
  • Legal Basis: Performance of a Contract; Legal Obligation; Legitimate Interest.

Disclosure and Sharing of Personal Data

We do not sell your Personal Data for monetary consideration. However, we may share or disclose your Personal Data with certain categories of third parties for business purposes, as described below. When we do, we take steps to ensure that your data is protected and used only for the purposes for which it was disclosed.

We may disclose your Personal Data to the following categories of recipients:

  • OnePillar Holdings LLC and Our Affiliates: We may share Personal Data with our parent company, OnePillar Holdings LLC, and other affiliated entities for internal administrative purposes, strategic planning, and operational efficiency.
  • Service Providers and Processors: We engage third-party vendors and service providers to perform functions on our behalf, such as payment processing, data hosting, analytics, marketing, and customer support. These parties are contractually obligated to protect the data and are restricted from using it for any other purpose.
  • Professional Advisors: We may share Personal Data with our legal, financial, insurance, and other professional advisors in the course of the services they provide to us.
  • Government and Regulatory Bodies: We may disclose Personal Data to law enforcement agencies, courts, regulators, or other public authorities to comply with a legal obligation or to protect our rights or the rights of others.
  • In Connection with a Business Transaction: If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be shared or transferred as part of that transaction, subject to standard confidentiality agreements.
  • Marketing Partners: With your consent, we may share Personal Data with trusted partners for co-marketing or joint promotional activities.

International Transfers

Your Personal Data may be transferred to, and processed in, countries other than the one in which you reside. These countries may have data protection laws that are different from the laws of your country. When we transfer your Personal Data internationally, we will ensure that appropriate safeguards are in place to protect your data, such as by using Standard Contractual Clauses, relying on an adequacy decision, or obtaining your explicit consent for the transfer.

Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and other similar tracking technologies (collectively, "Cookies") to operate and personalize our Services. Cookies are small data files stored on your device that help us improve your experience, understand user activity, and deliver relevant advertising.

We use the following categories of Cookies:

  • Strictly Necessary Cookies: These are essential for the Services to function and cannot be switched off. They are usually set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms.
  • Performance Cookies: These allow us to count visits and traffic sources so we can measure and improve the performance of our Services. They help us know which pages are the most and least popular and see how visitors move around the site.
  • Functional Cookies: These enable the Services to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
  • Targeting and Advertising Cookies: These may be set through our site by our advertising partners to build a profile of your interests and show you relevant advertisements on other sites.

You can manage your Cookie preferences through your browser settings or via the cookie consent tool on our website. Please note that disabling certain Cookies may affect the functionality of our Services.

Data Retention

We retain Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our collection of Personal Data is limited to what is adequate, relevant, and reasonably necessary in relation to the disclosed processing purposes.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process it; and applicable legal requirements. For example, transactional records may be kept for several years to comply with tax and accounting laws, while marketing contact information may be retained until you opt out.

Upon expiration of the applicable retention period, we will securely destroy or permanently anonymize your Personal Data in accordance with applicable laws and regulations.

Data Security and Confidentiality

We are committed to protecting the confidentiality, integrity, and accessibility of your Personal Data. We have established, implemented, and maintain reasonable administrative, technical, and physical data security practices appropriate to the volume and nature of the Personal Data at issue. These measures are designed to protect against unauthorized access, disclosure, alteration, or destruction.

Our security measures include:

  • Technical Safeguards: Use of encryption for data in transit and at rest, firewalls, and secure access protocols. The term "encrypted" refers to data rendered unusable or indecipherable without a decryption key.
  • Administrative Safeguards: Restricting personnel access to Personal Data on a "need-to-know" basis, conducting employee training on data protection, and implementing vendor risk management programs.
  • Physical Safeguards: Securing our physical premises and data centers where Personal Data is stored.

We also have an incident response plan to address any potential data security breaches. While we take commercially reasonable measures to protect your Personal Data, no method of transmission over the internet or method of electronic storage is 100% secure.

Individual Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your Personal Data. We are committed to facilitating the exercise of these rights. In accordance with Tennessee law, we provide you with a means to submit requests to exercise your consumer rights. These rights may include:

  • Right to Access: The right to confirm whether we are processing your Personal Data and to access a copy of that data.
  • Right to Rectification: The right to request correction of inaccurate Personal Data we hold about you.
  • Right to Erasure (Deletion): The right to request the deletion of your Personal Data, subject to certain exceptions.
  • Right to Restriction of Processing: The right to request that we limit the processing of your Personal Data in certain circumstances.
  • Right to Data Portability: The right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to Object: The right to object to the processing of your Personal Data for certain purposes, including direct marketing.
  • Right to Opt-Out: The right to opt out of the processing of your Personal Data for purposes of targeted advertising or the sale of your Personal Data.
  • Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please submit a request through [CONTACT METHOD OR PORTAL ADDRESS]. We will not discriminate against you for exercising your rights. To protect your privacy, we will take steps to verify your identity before fulfilling your request. We will respond to your request within the timeframes required by applicable law. If we deny your request, we will inform you of the reason for the denial and provide you with instructions on how you may appeal the decision.

Children's Data

Our Services are not directed to children under the age of 16, and we do not knowingly collect Personal Data from children without verifiable parental consent. In accordance with the Children’s Online Privacy Protection Act (COPPA) and other applicable laws, we will not process Personal Data concerning a known child without obtaining consent. In certain contexts, such as the collection of individual student biometric data, we will obtain written consent from parents or from students who are 18 years of age or older. If you are a parent or guardian and believe we have collected Personal Data from your child without your consent, please contact us immediately at [hello@autotasklab.com] to request the deletion of that information.

Special / Sensitive Categories of Data

We do not process Sensitive Personal Data except in limited circumstances where it is necessary for the provision of our Services and where we have a lawful basis to do so. "Sensitive Personal Data" includes information concerning health, biometrics, racial or ethnic origin, or other categories as defined by applicable law. We will not process your Sensitive Personal Data without obtaining your explicit consent, unless otherwise permitted or required by law. For example, we will obtain your written consent before collecting any individual biometric data. Any Sensitive Personal Data we process is subject to heightened security measures. Please note that this policy may not apply to information governed by specific federal statutes such as the Health Insurance Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act (GLBA), as our obligations for that data will be governed by those respective laws.

Third‑Party Links and Third‑Party Services

Our Services may contain links to websites, applications, and services operated by third parties. This Privacy Policy does not apply to the privacy practices of these third parties. We do not have control over, and are not responsible for, their data collection or privacy practices. We encourage you to review the privacy policies of any third-party service before providing them with your Personal Data.

Legal Requests, Compliance, and Law Enforcement

We may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, a court order, or a subpoena. This includes responding to valid requests from public authorities, such as law enforcement or government agencies. Before disclosing any information, we will review the legal basis and authority of the request to ensure it is valid and lawfully issued. Where permitted by law, we will make a reasonable effort to notify you before disclosing your Personal Data in response to such a request, unless providing notice is prohibited by the legal process itself or could create a risk of harm.

International Transfers and Cross‑Border Processing

Our business operations may require us to transfer your Personal Data to, and process it in, countries outside of your state or country of residence. These jurisdictions may have data protection laws that differ from your own. When we transfer Personal Data across borders, we will take appropriate measures to ensure that your data receives an adequate level of protection. These safeguards include using mechanisms such as Standard Contractual Clauses, relying on adequacy decisions for certain countries, or obtaining your explicit consent for the transfer. For more information about our cross-border data transfer practices, please contact us at [hello@autotasklab.com].

Data Breach Notification

In the event of a "breach of system security" that materially compromises the security, confidentiality, or integrity of your Personal Data, we will take immediate steps to contain and investigate the incident. As required by law, we will notify affected individuals whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. This notification will be made without unreasonable delay and no later than forty-five (45) days from the discovery of the breach, unless a law enforcement agency determines that notification would impede a criminal investigation. Notice may be provided in writing, by electronic means, or through substitute notice if certain conditions are met. If the breach affects more than one thousand (1,000) individuals, we will also notify the major consumer reporting agencies. The notification will describe the nature of the breach, the information involved, and the steps you can take to protect yourself.

Marketing Communications and Direct Messaging

We may use your Personal Data to send you marketing communications regarding our Services, promotions, and special offers. We will only do so where we have a lawful basis, such as your consent or our legitimate interest. All marketing communications will include a clear and conspicuous method for you to opt out of future messages. You may exercise your right to opt out of the processing of your data for targeted advertising at any time. We may engage third-party marketing partners to assist with our marketing campaigns, and we will ensure they comply with applicable laws and our privacy standards. Any telemarketing or SMS messaging will be conducted in compliance with the Telephone Consumer Protection Act (TCPA) and other applicable regulations.

Employee, Contractor, and Vendor Data Processing

This Privacy Policy primarily addresses the processing of customer Personal Data. However, we also process Personal Data related to our employees, independent contractors, and vendor contacts for legitimate business purposes. This processing includes activities related to recruitment, human resources management, payroll and benefits administration, performance evaluation, and compliance with employment and tax laws. The legal bases for this processing include the performance of a contract, compliance with legal obligations, and our legitimate interests. Access to such data is restricted internally to authorized personnel, and it is subject to specific retention schedules and security safeguards appropriate for its sensitive nature.

Data Protection Officer / Privacy Contact

To exercise your rights, or if you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us. We have designated a point of contact responsible for handling privacy inquiries. Privacy Contact: [hello@autotasklab.com] We will respond to your requests in accordance with the timelines and procedures required by applicable law.

Dispute Resolution, Governing Law and Jurisdiction

This Privacy Policy and any disputes arising out of or related to it shall be governed by and construed in accordance with the laws of the State of [TN], without regard to its conflict of law principles. Any legal action or proceeding relating to this Privacy Policy shall be brought exclusively in the state or federal courts located in [TN]. By using our Services, you agree to the personal jurisdiction of and venue in such courts

Changes to This Privacy Policy and Effective Date

We reserve the right to amend this Privacy Policy at any time. If we make material changes, we will notify you by posting the updated policy on our website and updating the "Effective Date" at the top of this policy. We may also provide notice through other means, such as by sending an email or displaying a banner on our Services. Your continued use of our Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised policy.

Acknowledgment, Consent and Acceptance Mechanism

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. Where required by law, we will obtain your explicit consent for specific processing activities. In other cases, your continued use of the Services after being provided with this policy will be considered your acceptance of its terms. A provision of a contract or agreement that purports to waive or limit your consumer rights is void and unenforceable.

Record-keeping and Audit Trail

We maintain records of our data processing activities, including records of consent and documentation of our compliance with this Privacy Policy and applicable laws. These records are maintained to demonstrate our accountability and to prepare for and cooperate with any audits or inquiries from regulatory authorities. We have procedures in place to ensure data accuracy and to implement corrective actions if errors are identified.

Auto Task Lab