Security & Compliance

Last updated: May 4, 2026

At TASKTOGO we take the security of your data seriously. This page summarises the measures we have in place to keep your information safe.

Infrastructure

• All data is hosted in the European Union on servers that meet ISO 27001 standards.
• Data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
• Regular automated backups are taken and tested.

Application Security

• Passwords are hashed using bcrypt with a minimum cost factor of 12.
• Authentication tokens are short-lived JWTs rotated automatically on every request.
• HTTP security headers (CSP, HSTS, X-Frame-Options, etc.) are set on all responses.
• Rate limiting is applied to authentication and sensitive endpoints.
• All API inputs are validated with strict schemas (Zod) before processing.

Access Controls

• Production database access is restricted to application service accounts with least-privilege roles.
• All infrastructure access requires multi-factor authentication.
• Access logs are retained for 90 days.

GDPR Compliance

• We act as a data controller under the EU General Data Protection Regulation.
• You can export all data associated with your account at any time from your account settings.
• You can request permanent deletion of your account and all associated data at any time.
• For data-related enquiries, contact privacy@tasktogo.com.

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly to security@tasktogo.com. We aim to acknowledge reports within 2 business days and to resolve confirmed vulnerabilities within 30 days.

Questions

Det 5 Element ApS
Email: security@tasktogo.com