Back to Home

Security

Overview

Our approach to security is straightforward: we protect your data with the same care and commitment we'd use for our own. Your privacy is our priority.

Secure User Authentication

Taskade employs a comprehensive suite of authentication features. At a basic level, we enforce a complex password policy, ensuring the foundational security of your account. This is augmented with Two-Factor Authentication (2FA) via Google Sign In and further reinforced with Multi-Factor Authentication (MFA) for enhanced protection.

For paying customers, we collaborate with identity management leaders such as Okta, Azure AD, and Google Workspace to provide SAML and SCIM support. This approach ensures a strong and varied ecosystem for authentication.

  • SAML (Security Assertion Markup Language): An open standard allowing identity providers to pass authorization credentials to service providers. This ensures seamless and secure user access without the need for passwords. Taskade supports SAML authentication via Azure AD, Okta, and Google Workspace.
  • SCIM (System for Cross-domain Identity Management): Facilitates the automation of user provisioning and de-provisioning, making it easier to manage and synchronize user identities. Taskade integrates with SCIM via both Azure AD and Okta.

Data Protection and Encryption

While Taskade currently does not provide end-to-end encryption, we use AES-256 encryption algorithms for both data at rest and in transit. This ensures that essential features such as full-text search remain functional while maximizing data protection.

Data Privacy

Taskade believes in giving control to the users. By default, your projects and workspaces are private. Sharing access is completely at your discretion, which means that you have full control over who views your data.

Internal Access

We enforce strict controls and constant monitoring on internal data access. Access to our production servers is granted only to personnel who have undergone thorough vetting and received authorization from our executive team, who are legally committed to safeguarding your data.

Google Cloud Application Security Assessment (CASA) Certification

Taskade proudly announces our Google Cloud Application Security Assessment (CASA) Certification, a testament to our unwavering commitment to the highest security standards. This achievement aligns with the OWASP Application Security Verification Standard (ASVS), ensuring comprehensive security coverage from potential vulnerabilities to architectural integrity. For more details on ASVS, visit OWASP ASVS, and for CASA specifics, see CASA.

Our certification process involved rigorous adherence to CASA requirements, covering a wide range of security measures and demonstrating Taskade’s commitment to a secure, privacy-focused platform. By meeting CASA’s stringent standards, Taskade reinforces its dedication to providing a secure environment for collaboration and productivity, in line with the OWASP mission to enhance software security through community education and open-source initiatives.

Compliance & Future Roadmap

While we are in the process of becoming SOC2 and GDPR compliant, our current practices are designed to align with or exceed existing industry standards. Ensuring compliance is a top priority, and we are diligently working to obtain the necessary certifications.

Security Architecture & Monitoring

  1. Our service runs on AWS, and we follow their security best practices. Our servers run on Linux. Administrators use sudo to elevate privileges when necessary.
  2. We deploy Rate Limiting on account, IP, and audit event level.
  3. All relevant production log entries are stored remotely, with pattern matching and alerts for malicious intent, as well as unexpected crashes, exceptions, and other error conditions.
  4. We harden system images and roll out new ones on every change automatically via CICD, this applies to all clusters. Security patches are rolled out automatically. We have a process in place to roll out emergency patches instantly.
  5. We have thousands of unit tests, system tests, and integration tests, confirming changes are secure, correct, and performant.

Taskade AI

Taskade enhances your workflow with AI tools and features by integrating OpenAI's technology, including GPT-3.5 and GPT-4o. This provides you with advanced capabilities while ensuring your data security is fully protected.

Your information will not be used for model training. Any data shared with our partners is exclusively to facilitate the delivery of Taskade AI features, and we strictly prohibit them from using your information for training their models or any other purposes.

Partnerships & Infrastructure

We collaborate with leading industry players to build a robust security architecture. While some member data may be stored in our virtual cloud, our partners cannot decrypt this information.

General Data Protection Regulation (GDPR Compliance)

Taskade is fully compliant with the GDPR. If your business operates in a jurisdiction where the GDPR applies, you are responsible for ensuring that your business operations are also compliant.

There are two main types of data associated with your Taskade account:

  1. Contact and Payment Information: Only full-time Taskade employees have access to this data. We never share it with third parties, except for payment processing.
  2. User Data: This is the data you store within your Taskade projects and tasks. Again, only full-time employees have any level of access to the storage infrastructure where this data resides.

Retention of Data

The limited personal information you provide when signing up for Taskade is retained indefinitely. However, your data within Taskade is deleted within 30 days after you cancel your account.

Technical Details

Data stored in Taskade is secured using industry-standard encryption protocols. Each account is isolated to ensure data integrity and security.

GDPR Contacts

The Data Controller for Taskade is the Technical Support Team, which you can contact at [email protected]. The Data Protection Officer is John Xie, who can be reached at [email protected].

System Uptime & Continuity

We implement rigorous monitoring and establish thousands of alerts to track system health, product functionality, and potential abuse, including attack signatures and audit events.

Our server status page is completely separate from our production platform, all the way up to the domain registrar, and lets you know of any issue affecting production, as well as the @Taskade X account.

Transparency in Business

  • Taskade will never sell your data.
  • You can use Taskade for free and upgrade at any time.
  • Taskade's revenue comes from paid subscribers, not advertisers.
  • All Taskade employees undergo rigorous background and security checks.
  • Taskade is part of Y-Combinator and is backed by reputable entrepreneurs and investors.

Billing and Payment

Taskade processes credit card payments via Stripe. Stripe is a PCI-certified payment provider and meets arduous compliance standards. We also structure our payment forms so that your payment details are sent directly to Stripe’s systems and not stored in Taskade, which is an additional layer of security.

Frequently Asked Questions (FAQ)

1) What Types of Personal Data Does Taskade Collect?

When registering for Taskade, you voluntarily provide us with information such as your name and email address. Additionally, the following data might be collected:

  • Email
  • IP Address
  • Device ID
  • Name and Surname (optional)
  • Invoice Address (for Business accounts)

2) Why Does Taskade Collect Personal Data?

The data we collect is essential for providing you with our services and is used to improve Taskade's features and functionalities.

3) How Can I Access and Export My Personal Data?

To have your personal data exported, please contact us. We also provide various export methods.

4) Who Owns My Data in Taskade?

As a user, you retain ownership of your data when using Taskade. Taskade's role as a Data Processor means that we manage and process your data on your behalf, according to GDPR guidelines, but do not claim ownership of it. When you share your content with other users, you are granting them permission to access and interact with it through the service, but this does not transfer ownership of the data to them or Taskade.

5) Does Taskade Use Third-Party Services to Process Data?

We use GDPR-compliant third-party services such as Stripe, AWS, and Google Workspace.

More Information

For more details, visit our support documents, privacy policy, and terms of service.

Got a question? Get in touch.

Contact Us