Security

Overview

Our approach to security is straightforward: we protect your data with the same care and commitment we'd use for our own. Your privacy is our priority.

Secure User Authentication

Taskade employs a comprehensive suite of authentication features. At a basic level, we enforce a complex password policy, ensuring the foundational security of your account. This is augmented with Two-Factor Authentication (2FA) via Google Sign In and further reinforced with Multi-Factor Authentication (MFA) for enhanced protection.

For paying customers, we collaborate with identity management leaders such as Okta, Azure AD, and Google Workspace to provide SAML and SCIM support. This approach ensures a strong and varied ecosystem for authentication.

  • SAML (Security Assertion Markup Language): An open standard allowing identity providers to pass authorization credentials to service providers. This ensures seamless and secure user access without the need for passwords. Taskade supports SAML authentication via Azure AD, Okta, and Google Workspace.
  • SCIM (System for Cross-domain Identity Management): Facilitates the automation of user provisioning and de-provisioning, making it easier to manage and synchronize user identities. Taskade integrates with SCIM via both Azure AD and Okta.

Data Protection and Encryption

Taskade does not currently provide end-to-end encryption. We use AES-256 encryption for data both at rest and in transit. Not encrypting end-to-end keeps essential features such as full-text search functional while maximizing data protection.

Data Privacy

Taskade believes in giving control to the users. By default, your projects and workspaces are private. Sharing access is completely at your discretion, which means that you have full control over who views your data.

Internal Access

We enforce strict controls and constant monitoring on internal data access. Access to our production servers is granted only to personnel who have undergone thorough vetting and received authorization from our executive team, who are legally committed to safeguarding your data.

Google Cloud Application Security Assessment (CASA) Certification

Taskade proudly announces our Google Cloud Application Security Assessment (CASA) Certification, a testament to our unwavering commitment to the highest security standards. This achievement aligns with the OWASP Application Security Verification Standard (ASVS), ensuring comprehensive security coverage from potential vulnerabilities to architectural integrity. For more details on ASVS, visit OWASP ASVS, and for CASA specifics, see CASA.

Our certification process involved rigorous adherence to CASA requirements, covering a wide range of security measures and demonstrating Taskade’s commitment to a secure, privacy-focused platform. By meeting CASA’s stringent standards, Taskade reinforces its dedication to providing a secure environment for collaboration and productivity, in line with the OWASP mission to enhance software security through community education and open-source initiatives.

Compliance & Future Roadmap

While we are in the process of becoming SOC2 and GDPR compliant, our current practices are designed to align with or exceed existing industry standards. Ensuring compliance is a top priority, and we are diligently working to obtain the necessary certifications.

Security Architecture & Monitoring

  1. Our service runs on AWS, and we follow their security best practices. Our servers run on Linux. Administrators use sudo to elevate privileges when necessary.
  2. We apply rate limiting at the account, IP, and audit event levels.
  3. All relevant production log entries are stored remotely, with pattern matching and alerts for malicious intent, as well as unexpected crashes, exceptions, and other error conditions.
  4. We harden system images and automatically roll out new ones on every change via CI/CD. This applies to all clusters. Security patches are rolled out automatically. We have a process in place to roll out emergency patches instantly.
  5. We have thousands of unit tests, system tests, and integration tests, confirming changes are secure, correct, and performant.

Taskade AI

Taskade enhances your workflow with AI tools and features by integrating OpenAI's technology, including GPT-3.5 and GPT-4 Turbo. This provides you with advanced capabilities while ensuring your data is fully protected.

Your information will not be used for model training. Any data shared with our partners is exclusively to facilitate the delivery of Taskade AI features, and we strictly prohibit them from using your information for training their models or any other purposes.

Partnerships & Infrastructure

We collaborate with leading industry players to build a robust security architecture. While some member data may be stored in our virtual cloud, our partners cannot decrypt this information.

General Data Protection Regulation (GDPR) Compliance

Taskade is fully compliant with the GDPR. If your business operates in a jurisdiction where the GDPR applies, you are responsible for ensuring that your business operations are also compliant.

There are two main types of data associated with your Taskade account:

  1. Contact and Payment Information: Only full-time Taskade employees have access to this data. We never share it with third parties, except for payment processing.
  2. User Data: This is the data you store within your Taskade projects and tasks. Again, only full-time employees have any level of access to the storage infrastructure where this data resides.

Retention of Data

The limited personal information you provide when signing up for Taskade is retained indefinitely. However, your data within Taskade is deleted within 30 days after you cancel your account.

Technical Details

Data stored in Taskade is secured using industry-standard encryption protocols. Each account is isolated to ensure data integrity and security.

GDPR Contacts

The Data Controller for Taskade is the Technical Support Team, which you can contact at [email protected]. The Data Protection Officer is John Xie, who can be reached at [email protected].

System Uptime & Continuity

We implement rigorous monitoring and establish thousands of alerts to track system health, product functionality, and potential abuse, including attack signatures and audit events.

Our server status page is completely separate from our production platform, all the way up to the domain registrar, and reports any issue affecting production. The @Taskade X account reports these issues as well.

Transparency in Business

  • Taskade will never sell your data.
  • You can use Taskade for free and upgrade at any time.
  • Taskade's revenue comes from paid subscribers, not advertisers.
  • All Taskade employees undergo rigorous background and security checks.
  • Taskade is part of Y Combinator and is backed by reputable entrepreneurs and investors.

Billing and Payment

Taskade processes credit card payments via Stripe. Stripe is a PCI-certified payment provider and meets arduous compliance standards. We also structure our payment forms so that your payment details are sent directly to Stripe’s systems and not stored in Taskade, which is an additional layer of security.

Frequently Asked Questions (FAQ)

1) What Types of Personal Data Does Taskade Collect?

When registering for Taskade, you voluntarily provide us with information such as your name and email address. Additionally, the following data might be collected:

  • Email
  • IP Address
  • Device ID
  • Name and Surname (optional)
  • Invoice Address (for Business accounts)

2) Why Does Taskade Collect Personal Data?

The data we collect is essential for providing you with our services and is used to improve Taskade's features and functionalities.

3) How Can I Access and Export My Personal Data?

To have your personal data exported, please contact us. We also provide various export methods.

4) Who Owns My Data in Taskade?

As a user, you retain ownership of your data when using Taskade. Taskade's role as a Data Processor means that we manage and process your data on your behalf, according to GDPR guidelines, but do not claim ownership of it. When you share your content with other users, you are granting them permission to access and interact with it through the service, but this does not transfer ownership of the data to them or Taskade.

5) Does Taskade Use Third-Party Services to Process Data?

We use GDPR-compliant third-party services such as Stripe, AWS, and Google Workspace.

More Information

For more details, visit our support documents, privacy policy, and terms of service.
