Privacy and Security

We take security and privacy seriously

Security by design

We store the token that grants us your tasks access in our database. This token is encrypted and safely stored and can only be used by our servers.

In the unlikely event of a leak of this token, the attacker would not be able to use it to retrieve your tasks as they would require secret keys that are only linked to our servers and our domain name and safely stored in Google Cloud Secret Manager with AES-256-bit encryption keys.

Compliance

We are using the Google Cloud Platform with the highest level of data storage compliance

Find details on their full set of compliance, like ISO/IEC 27001/27017/27018/27701, SOC 1/2/3, PCI DSS, VPAT (WCAG, U.S. Section 508, EN 301 549) and FedRAMP certifications, and alignment with HIPAA, GDPR, and CCPA.

Data storage

The only information we store from your Google account is your name, profile picture, and e-mail address.

We also store metadata on your lists and board so that we can save your boards and customization when you sign out.

The metadata we store is the following:

Lists metadata:
- List name
- List collaborators (for shared lists)
  - email of collaborator
  - name of collaborator
  - profile picture of the collaborator
- List color if any
Boards metadata:
- Board name
- Board background color if any
- Board background image if any
- Board’s list of collaborators (for shared boards)
  - email of collaborator
  - name of collaborator
  - profile picture of the collaborator
User Settings (such as dark mode, the first day of the week, etc)
User custom labels id any

Delete data and revoke permission

If you want to delete all your metadata stored on our database you can do it from this page

Once you delete all your metadata from our server you can revoke the access to your Google tasks from this page https://myaccount.google.com/permissions.

Then click on “TasksBoard”, then “Remove Access”.