Your data’s safety is not just an option but a promise. Security isn’t an afterthought; it’s part of the culture and the foundation of every decision we make. Taskade begins with the safety and privacy of your data in mind.
Taskade employs a comprehensive suite of authentication features. At a basic level, we enforce a complex password policy, ensuring the foundational security of your account. We further strengthen this by supporting Two-Factor Authentication (2FA) through Google Sign In and intensify it with Multi-Factor Authentication (MFA).
For paying customers, Taskade partners with identity management giants like Okta, Azure AD, and Google Workspace, offering SAML and SCIM support, thereby maintaining a robust and diverse ecosystem for authentication.
By employing a multi-pronged strategy, Taskade ensures your data is not only protected but ensconced in multiple layers of security.
While Taskade currently does not provide end-to-end encryption, we utilize AES-256 encryption algorithms for both data at rest and in transit. This strategy ensures that essential features such as full-text search remain functional while maximizing data protection.
Taskade believes in giving control to the users. By default, your projects and workspaces are private. Sharing access is completely at your discretion, ensuring you control who views your data. You have total control over permissions and access.
At Taskade, even internal access to data is highly restricted and continuously monitored. All personnel granted production server access are not only thoroughly vetted but are authorized by executive team members who are legally bound to protect your data.
Taskade proudly announces our Google Cloud Application Security Assessment (CASA) Certification, a testament to our unwavering commitment to the highest security standards. This achievement aligns with the OWASP Application Security Verification Standard (ASVS), ensuring comprehensive security coverage from potential vulnerabilities to architectural integrity. For more details on ASVS, visit OWASP ASVS, and for CASA specifics, see CASA.
Our certification process involved rigorous adherence to CASA requirements, covering a wide range of security measures and demonstrating Taskade’s commitment to a secure, privacy-focused platform. By meeting CASA’s stringent standards, Taskade reinforces its dedication to providing a secure environment for collaboration and productivity, in line with the OWASP mission to enhance software security through community education and open-source initiatives.
While we are in the process of becoming SOC2 and GDPR compliant, our current practices are designed to align with or exceed existing industry standards. Ensuring compliance is a top priority, and we are diligently working to obtain the necessary certifications.
Empowering your workflow with AI, Taskade uses OpenAI's technology, leveraging GPT-4 and GPT-3.5 Turbo to offer intelligent, AI-powered tools. And we ensure this power comes without a compromise on data security.
While Taskade AI enhances your work with these powerful tools, your data security remains a priority. Adhering to our stringent data protection protocols, we assure you that your information will not be used for model training. Any data shared with our partners is exclusively to facilitate the delivery of Taskade AI features, and we strictly prohibit them from using your information for training their models or any other purposes. With Taskade AI, you can enhance your productivity while ensuring your data remains secure and confidential.
We collaborate with leading industry players to build a robust security architecture. While some member data may be stored in our virtual cloud, our partners do not possess decryption capabilities.
At Taskade, we take the protection of your personal data seriously. There are two main types of data associated with your Taskade account:
Yes. Taskade is fully compliant with the GDPR. If your business operates in a jurisdiction where the GDPR applies, you are responsible for ensuring that your business operations are also compliant.
When registering for Taskade, you voluntarily provide us with information such as your name and email address. Additionally, the following data might be collected:
The data we collect is essential for providing you with our services and is used to improve Taskade's features and functionalities.
To have your personal data exported, please contact us. We also provide various methods to export your data.
When using Taskade on an individual plan, Taskade acts as a Data Processor, which means we control how your user data is processed and ensure it's processed within GDPR regulations. By sharing your content with other Taskade users, you grant each of those users the right to access and interact with your content through our service.
We use GDPR-compliant third-party services such as Stripe, AWS, and Google Workspace.
The limited personal information you provide when signing up for Taskade is retained indefinitely. Your actual data in Taskade is destroyed within 30 days of account cancellation.
Data stored in Taskade is secured using industry-standard encryption protocols. Each account is isolated to ensure data integrity and security.
The Data Controller for Taskade is the Technical Support Team, reachable at [email protected]. The Data Protection Officer is John Xie, who can be reached at [email protected].
We deploy monitoring and (thousands of) alerts for system health, product health, and abuse (attack signatures, audit events).
Our server status page is completely separate from our production platform, all the way up to the domain registrar, and lets you know of any issue affecting production, as well as the @Taskade Twitter account.
Taskade processes credit card payments via Stripe. Stripe is a PCI-certified payment provider and meets arduous compliance standards. We also structure our payment forms so that your payment details are sent directly to Stripe’s systems and not stored in Taskade, which is an additional layer of security.
For more details, visit our comprehensive FAQ, support documents, privacy policy, and terms of service.