Trust

Security guidelines

This page is maintained by the TaskVelo team to answer common questions about how we handle security. It describes current practices, not a third-party certification.

Authentication

TaskVelo supports email-and-password sign-in and Google sign-in. Sessions are managed by our authentication provider and stored in secure, HTTP-only browser storage. We recommend using a unique, strong password and enabling Google sign-in where convenient.

Encryption in transit

All traffic between your browser and TaskVelo is encrypted using TLS. Connections between TaskVelo and the managed database are also encrypted.

Per-account isolation

Every row in our database is scoped to a single account and protected by row-level-security policies, so requests from one account cannot read or modify data from another account.

Backups

Our managed database provider takes daily snapshots and retains them on a rolling window for disaster recovery.

Your responsibilities

· Keep your password private and unique to TaskVelo.
· Sign out on shared devices.
· Review the email address on your account regularly.
· Use Settings → Export to keep your own copy of your data.

Reporting a vulnerability

If you believe you've found a security issue, please email security@taskvelo.app with steps to reproduce. Please give us a reasonable window to investigate and respond before public disclosure.

Note: TaskVelo is in active beta. This page describes current security practices and will be updated as the product matures. It is not a certification or a legal warranty.