GDPR compliance is not a checkbox — it is an architecture decision. Here is what we built into TASKTOGO from day one.
Data minimisation
We collect only what we need. Profile fields, task data, and messages stay in EU-hosted MongoDB Atlas (Frankfurt). Nothing is replicated outside the EEA without Standard Contractual Clauses (SCCs) in place.
Right to portability and erasure
Every user can export all their data in JSON format from the Security settings panel. They can also delete their account — triggering a hard delete of all personal data from the database, not a soft flag.
Audit trails
Every sensitive action (password change, session revocation, account deletion, admin operations) is logged to an append-only audit log. Admins can query the log from the management console.
Data Processing Agreement
We have a standard DPA available on request. Contact privacy@tasktogo.com.