Security

Overview

Your data’s safety is not just an option but a promise. Security isn’t an afterthought; it’s part of the culture and the foundation of every decision we make. Taskade begins with the safety and privacy of your data in mind.

Secure User Authentication

Taskade employs a comprehensive suite of authentication features. At a basic level, we enforce a complex password policy, ensuring the foundational security of your account. We further strengthen this by supporting Two-Factor Authentication (2FA) through Google Sign In and intensify it with Multi-Factor Authentication (MFA).

For paying customers, Taskade partners with identity management giants like Okta, Azure AD, and Google Workspace, offering SAML and SCIM support, thereby maintaining a robust and diverse ecosystem for authentication.

  • SAML (Security Assertion Markup Language): An open standard allowing identity providers to pass authorization credentials to service providers. This ensures seamless and secure user access without the need for passwords. Taskade supports SAML authentication via Azure AD, Okta, and Google Workspace.
  • SCIM (System for Cross-domain Identity Management): Facilitates the automation of user provisioning and de-provisioning, making it easier to manage and synchronize user identities. Taskade integrates with SCIM via both Azure AD and Okta.

By employing a multi-pronged strategy, Taskade ensures your data is not only protected but ensconced in multiple layers of security.

Data Protection and Encryption

While Taskade currently does not provide end-to-end encryption, we utilize AES-256 encryption algorithms for both data at rest and in transit. This strategy ensures that essential features such as full-text search remain functional while maximizing data protection.

Data Privacy

Taskade believes in giving control to the users. By default, your projects and workspaces are private. Sharing access is completely at your discretion, ensuring you control who views your data. You have total control over permissions and access.

Internal Access

At Taskade, even internal access to data is highly restricted and continuously monitored. All personnel granted production server access are not only thoroughly vetted but are authorized by executive team members who are legally bound to protect your data.

Google Cloud Application Security Assessment (CASA) Certification

Taskade proudly announces our Google Cloud Application Security Assessment (CASA) Certification, a testament to our unwavering commitment to the highest security standards. This achievement aligns with the OWASP Application Security Verification Standard (ASVS), ensuring comprehensive security coverage from potential vulnerabilities to architectural integrity. For more details on ASVS, visit OWASP ASVS, and for CASA specifics, see CASA.

Our certification process involved rigorous adherence to CASA requirements, covering a wide range of security measures and demonstrating Taskade’s commitment to a secure, privacy-focused platform. By meeting CASA’s stringent standards, Taskade reinforces its dedication to providing a secure environment for collaboration and productivity, in line with the OWASP mission to enhance software security through community education and open-source initiatives.

Compliance & Future Roadmap

While we are in the process of becoming SOC2 and GDPR compliant, our current practices are designed to align with or exceed existing industry standards. Ensuring compliance is a top priority, and we are diligently working to obtain the necessary certifications.

Security Architecture & Monitoring

  1. Our service runs on AWS, and we follow their security best practices. Our servers run on Linux. Administrators use sudo to elevate privileges when necessary.
  2. We apply rate limiting at the account, IP, and audit-event levels.
  3. All relevant production log entries are stored remotely, with pattern matching and alerts for malicious intent, as well as unexpected crashes, exceptions and other error conditions.
  4. We harden system images and automatically roll out new ones on every change via CI/CD; this applies to all clusters. Security patches are rolled out automatically. We have a process in place to roll out emergency patches instantly.
  5. We have thousands of unit tests, system tests, and integration tests confirming that changes are secure, correct, and performant.

Taskade AI

Empowering your workflow with AI, Taskade uses OpenAI's technology, leveraging GPT-4 and GPT-3.5 Turbo to offer intelligent, AI-powered tools. And we ensure this power comes without a compromise on data security.

While Taskade AI enhances your work with these powerful tools, your data security remains a priority. Adhering to our stringent data protection protocols, we assure you that your information will not be used for model training. Any data shared with our partners is exclusively to facilitate the delivery of Taskade AI features, and we strictly prohibit them from using your information for training their models or any other purposes. With Taskade AI, you can enhance your productivity while ensuring your data remains secure and confidential.

Partnerships & Infrastructure

We collaborate with leading industry players to build a robust security architecture. While some member data may be stored in our virtual cloud, our partners do not possess decryption capabilities.

General Data Protection Regulation (GDPR) Compliance

At Taskade, we take the protection of your personal data seriously. There are two main types of data associated with your Taskade account:

  1. Contact and Payment Information: Only full-time Taskade employees have access to this data. We never share it with third parties, except for payment processing.
  2. User Data: This is the data you store within your Taskade projects and tasks. Again, only full-time employees have any level of access to the storage infrastructure where this data resides.

Are Our Customers Able to Use Taskade Without Risking a GDPR Breach?

Yes. Taskade is fully compliant with the GDPR. If your business operates in a jurisdiction where the GDPR applies, you are responsible for ensuring that your business operations are also compliant.

What Types of Personal Data Does Taskade Collect?

When registering for Taskade, you voluntarily provide us with information such as your name and email address. Additionally, the following data might be collected:

  • Email
  • IP Address
  • Device ID
  • Name and Surname (optional)
  • Invoice Address (for Business accounts)

Why Does Taskade Collect Personal Data?

The data we collect is essential for providing you with our services and is used to improve Taskade's features and functionalities.

How Can I Access and Export My Personal Data?

To have your personal data exported, please contact us. We also provide various methods to export your data.

Who Owns My Data in Taskade?

When using Taskade on an individual plan, Taskade acts as a Data Processor, which means we control how your user data is processed and ensure it's processed within GDPR regulations. By sharing your content with other Taskade users, you grant each of those users the right to access and interact with your content through our service.

Does Taskade Use Third-Party Services to Process Data?

We use GDPR-compliant third-party services such as Stripe, AWS, and Google Workspace.

Retention of Data

The limited personal information you provide when signing up for Taskade is retained indefinitely. Your actual data in Taskade is destroyed within 30 days of account cancellation.

Technical Details

Data stored in Taskade is secured using industry-standard encryption protocols. Each account is isolated to ensure data integrity and security.

GDPR Contacts

The Data Controller for Taskade is the Technical Support Team, reachable at [email protected]. The Data Protection Officer is John Xie, who can be reached at [email protected].

System Uptime & Continuity

We deploy monitoring and (thousands of) alerts for system health, product health, and abuse (attack signatures, audit events).

Our server status page is completely separate from our production platform, all the way up to the domain registrar, and lets you know of any issue affecting production, as does the @Taskade Twitter account.

Transparency in Business

  • Taskade will never sell your data.
  • You can use Taskade for free, and upgrade any time.
  • Taskade's revenue comes from paid subscribers — not advertisers.
  • All Taskade employees undergo rigorous background and security checks.
  • Taskade is part of Y Combinator and is backed by reputable entrepreneurs and investors.

Billing and Payment

Taskade processes credit card payments via Stripe. Stripe is a PCI-certified payment provider and meets arduous compliance standards. We also structure our payment forms so that your payment details are sent directly to Stripe’s systems and not stored in Taskade, which is an additional layer of security.

More Information

For more details, visit our comprehensive FAQ, support documents, privacy policy, and terms of service.

Got a question? Get in touch.
