Security

Overview

At Taskade, we understand the importance of security, and we take it seriously. Security is foundational to every decision we make. Every decision in creating Taskade begins with the safety and privacy of your data in mind.

User Authentication

For password protection, we require a highly secure password formula for all users. Alternatively, we support 2FA authentication through Google Sign In.

Data Protection

Taskade uses encryption at rest and in transit, but not end-to-end. This ensures features like full-text search are possible. Our encrypted database instances use the industry-standard AES-256 encryption algorithm to encrypt your data.

Data Privacy

Your data is safe with Taskade! Only you and collaborators you have invited to your workspace or project will have access. Projects and workspaces are by default private until you share or invite others to them.

Data Access

The Taskade team has severely limited internal access to any data on our servers. All requests to access the production servers for maintenance or updates are routed, verified, and authorized by members of the executive team. These team members have undergone rigorous background checks and have a legal, vested interest in keeping customer data safe and secure.

Compliance & Certifications

We are working on compliance practices to meet or exceed industry standards and audits. This is one of our top priorities.

Hardening & Process

1. Our service runs on AWS, and we follow their security best practices. Our servers run on Linux. Administrators use sudo to elevate privileges when necessary.
2. We deploy Rate Limiting on account, IP, and audit event level.
3. All relevant production log entries are stored remotely, with pattern matching and alerts for malicious intent, as well as unexpected crashes, exceptions and other error conditions.
4. We harden system images and roll out new ones on every change automatically via CICD, this applies to all clusters. Security patches are rolled out automatically. We have process in place to roll out emergency patches instantly.
5. We have thousands of unit tests, system tests, integration tests, confirming changes are secure, correct, performant.

Security Partners

Taskade works with a variety of service providers to enhance our own security architecture, and we only choose to work with the best security partners in the industry. Member data may be stored in the Taskade private virtual cloud (such as Amazon Web Services), which we built to run business operations. These partners don't have the keys to decrypt member data stored on their servers.

Uptime & Continuity

We deploy monitoring and (thousands of) alerts for system health, product health, and abuse (attack signatures, audit events).

Our server status page is completely separate from our production platform, all the way up to the domain registrar, and lets you know of any issue affecting production, as well as the @Taskade Twitter account.

Business

Taskade's revenue comes from paid subscribers — not advertisers. You can use Taskade for free, and upgrade any time. Taskade will never sell your information. Taskade is founded by seasoned entrepreneurs and backed by reputable investors. All Taskade employees undergo rigorous background and security checks before being hired.

Billing and Payment

Taskade processes credit card payments via Stripe. Stripe is a PCI-certified payment provider and meets arduous compliance standards. We also structure our payment forms so that your payment details are sent directly to Stripe’s systems and not stored in Taskade, which is an additional layer of security.