Security

Taskable takes the security and privacy of your data very seriously, with robust policies, controls, and systems in place to keep your information safe and secure.

People Security

All Taskable employees are required to understand and follow strict internal policies and standards. All employees are trained on security topics including but not limited to device security, preventing spyware/malware, physical security, data privacy, account management, and incident reporting. All employees are required to use 2FA when accessing any internal systems and applications.

Currently only the Chief Technical Officer is able to push code to production environments.

Application Security

The Taskable development team follows security best practices. All code is version controlled and goes through peer review and continuous integration tests to screen for potential security issues. Changes to the production environment are logged and the development team is notified of each release.

Authentication

Taskable authentication and authorization are built on top of Auth0, one of the best security platforms.

Taskable users connect to third party applications (e.g. Google, Office365, Slack, Asana, Trello) using OAuth 2.0, an industry standard for authorizing secure access to external apps. 

Data Security

Data We Collect

Upon authorization we collect user email addresses and full names if provided.

Additionally, we store metadata related to integrations users add as well as data coming from these integrations (like task names, descriptions, due dates, etc.).

Lastly, we might also store IP addresses and device information for each incident that occurs.

Taskable strives for lean analysis of data, and only collects data that is necessary for processing purposes. Taskable reviews our data collection processes on a quarterly basis to ensure we only collect data that is necessary to provide the services to the user. In addition, Taskable’s Data Protection Officer reviews all products and services with respect to data collection during the design phase. All data must be processed in accordance with authorized purposes.

An individual can request confirmation of whether or not personal information has been collected or held about the requesting individual by sending an email to help@taskablehq.com.

Data Sharing

We do not share or transfer personally identifiable information or the content of any user’s messages with any party, including the user’s employers, except as required by law or as needed for the purposes of collection or related to providing the Service to users.

Data Access

To the extent possible, Taskable automates access to customer data and strictly limits viewing by humans. Only Taskable’s Chief Executive Officer and Chief Technical Officer may request permission to access customer data for essential job functions for a limited amount of time in a secure environment. Taskable reviews access and security audit logs on a regular basis.

Data Removal

At any time, a user may stop using the Service and request full removal of their data (via an e-mail to help@taskablehq.com). Within a period of 30 days, all of the user’s third party application content and PII will be removed from the running database by deleting the affected rows. All database backups are securely deleted after 30 days.

Integrations

All integrations, including Microsoft Outlook and Google Calendar, only request scopes required to make Taskable work. We view only your calendar, and are able to write tasks to your calendar.

Server hardening

Production servers are hardened, with the minimally required set of services allowed to run.

Network Security

Encryption in transit

All data in transit between users, Taskable, and third party services is encrypted using 256-bit SSL/TLS. These protocols are revised as new threats and vulnerabilities are identified.

Network Isolation

Taskable divides its systems into separate networks using logically isolated Virtual Containers in Microsoft Azure data centers. Systems supporting testing and development activities are hosted in a separate network from systems supporting Taskable production services. Customer data only exists and is only permitted to exist in Taskable’s production network. Network access to Taskable’s production environment is restricted. Only network protocols essential for delivery of Taskable’s service to its users are open at Taskable’s perimeter. All network access between production hosts is restricted using firewalls to only allow authorized services to interact in the production network.

Payments

Taskable uses Stripe to manage payment processing.

Physical Security

Data center security

Taskable’s infrastructure is built on top of Microsoft Azure, and is housed in data centers operated by Microsoft. Microsoft has strict policies for physical security, including 24-hour video surveillance and strict access restrictions.

Office security

All employee devices must meet our security standards. These standards require all computers to have strong passwords, encrypt data on disk, run anti-virus software, and lock automatically when idle. No data is stored on employee computers or servers in the office.

Vulnerability Management

Taskable uses third party services to run automated vulnerability tests on the production environment. Engineers are always on call to immediately address any issues.

Compliance

Taskable is hosted in Microsoft Azure data centers, which are certified to meet compliance requirements of SOC2 and ISO27001. Details can be found at https://docs.microsoft.com/en-us/azure/compliance/

At any time, a user may submit a Privacy Shield related complaint or question by sending an email to help@taskablehq.com. All Privacy Shield related complaints or questions will be responded to within a period of 30 days.