At a glance

โœ“ Encrypted in transit (TLS) and at rest (AES-256)
โœ“ Each workspace's data is isolated from every other
โœ“ Passwords hashed with bcrypt โ€” we can't read them
โœ“ Role-based access control + custom roles
โœ“ Two-factor authentication (2FA)
โœ“ Tamper-evident, hash-chained audit log
โœ“ We never sell your data
โœ“ Export or delete your data at any time
In plain terms: your data is encrypted, kept separate from every other customer, and access to it is restricted and logged. We never sell your data, and we don't look at it except to help you when you ask us to.

Encryption

Access control & isolation

Auditability

Every significant action in your workspace is recorded in an activity log. The log is tamper-evident โ€” each entry is cryptographically hash-chained to the one before it, so any attempt to alter or delete history is detectable.

Application & network security

Payments

Paid subscriptions are processed by Razorpay, a PCI-DSS-compliant payment provider. Card and banking details are entered directly with Razorpay โ€” TaskInSync never sees or stores your payment information.

Infrastructure & subprocessors

We build on a small set of trusted, industry-standard providers, each operating under their own data-processing terms:

A full, current subprocessors list is available on request.

Your data is yours

See our Privacy Policy for the full detail on what we collect and why.

Enterprise & compliance

Responsible disclosure

Found a potential vulnerability? We appreciate your help. Please report it through our contact page with enough detail to reproduce it. We investigate promptly and will not pursue legal action against good-faith security researchers who follow responsible-disclosure practices.

Questions?

If your team has security or compliance questions before signing up, we're happy to answer them. Get in touch โ€” we usually respond within a few hours.