This policy can also be viewed in-app, via Settings (⚙️) > Privacy and Agreements.
In short: this is an very simple app. It's frontend only, doesn't know who you are, doesn't collect any of your data, and doesn't have a server to store your data.
1. Your gmail address, password, other google account info, etc
When you click the "Sign in with Google" button, it uses the OAuth protocol to let Google identify who your are, which pops out a window where you pick a google account. Next you can grant various permissions for 3rd party to access your data. In this app, the only permission being requested is your "tasks". Since you didn't give permissions to any other things like your gmail address, name, profile picture, other data, etc, this app cannot access them.
2. Data from your tasks:
This app is front-end only, and doesn't have a server to collect or store your data. After connecting with google's Tasks API, it retrieves and displays your tasks. When you make edits, it's submitted back to the google tasks API. Data is transferred via https.
Except the google server, it doesn't send your tasks data anywhere else on the internet. All network traffic can be monitored in the Chrome DevTools (press F12 then choose the "Network" tab).
3. Source Code
Although this app doesn't use an open source license, frontend JavaScript is always open by nature. Anybody is free to inspect the source code.