Trust & Security

We apply technical and organizational safeguards to protect customer data, account integrity, and service availability.

Security governance

Our security program is risk-based, documented, and reviewed regularly to align with legal requirements and SaaS best practices.

Access controls

  • Role-based permissions and least-privilege access.
  • Authentication controls for administrative and operational access.

Encryption

  • Data in transit is protected with modern TLS.
  • Sensitive data at rest is protected with appropriate encryption measures.

Monitoring and incident response

We monitor systems, apply security updates, and maintain incident response processes for investigation, containment, remediation, and legally required notifications.

Vendors and processors

Third-party providers are selected through due diligence and contractually bound to data protection and confidentiality obligations.

Responsible disclosure

TaskShot does not operate a paid bug bounty program. We nevertheless welcome responsible reports of security issues affecting our production services. Send reports to info@taskshot.com. We aim to acknowledge receipt within 10 business days.

  • Include a clear description, reproduction steps, affected URL or endpoint, potential impact, and a minimal, non-destructive proof of concept.
  • Limit testing to TaskShot-owned domains and systems (for example taskshot.app, app.taskshot.app, and our official API endpoints).
  • Do not access or modify other customers' data, perform denial-of-service testing, use social engineering, or disclose issues publicly before we have had a reasonable time to investigate and remediate.
  • We may acknowledge valid, previously unknown reports in good faith, but we do not offer monetary rewards or formal bounty payouts at this time.