Security & Trust

Your Data Security is Our Priority

We understand that you're trusting us with your team's work. That's why we've built Whatstask with enterprise-grade security from the ground up.

256-bit EncryptionGDPR Compliant99.9% Uptime

How We Protect Your Data

Security isn't an afterthought—it's built into every layer of Whatstask.

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your tasks and team communications are protected at every stage.

Secure Infrastructure

Our infrastructure runs on enterprise-grade cloud providers with SOC 2 Type II certified data centers. We use isolated environments and regular security audits.

Access Controls

Role-based access control (RBAC) ensures team members only see what they need. Admins have full control over permissions and user management.

Privacy by Design

We collect only the minimum data necessary to provide our service. Your data is never sold or shared with third parties for advertising.

Data Residency

Your data is stored in secure data centers. Enterprise customers can request specific data residency locations to meet regulatory requirements.

Incident Response

We have a dedicated security team monitoring 24/7. Any security incidents are promptly investigated and communicated transparently.

Telegram Integration Security

Secure by Design with Telegram

Whatstask leverages Telegram's robust security infrastructure, including their MTProto encryption protocol. We only access the minimum permissions needed to provide our service.

• No access to your private Telegram messages
• Bot interactions are isolated and secure
• You control exactly what data to share
• Revoke access anytime from Telegram settings

Telegram Bot Permissions

✓ Send messages

To deliver task notifications

✓ Receive messages

To process your commands

✗ Read private chats

Never requested

✗ Access contacts

Never requested

Compliance & Data Rights

We're committed to respecting your privacy rights and meeting regulatory requirements.

GDPR Compliant

Full compliance with EU General Data Protection Regulation

Data Processing Agreement

DPA available for enterprise customers upon request

Right to Data Portability

Export your data anytime in standard formats

Right to Erasure

Request complete deletion of your data at any time

Our Security Practices

We follow industry best practices to keep your data safe.

• Regular third-party security assessments and penetration testing

• Automated vulnerability scanning and dependency monitoring

• Secure software development lifecycle (SDLC) practices

• Employee security training and background checks

• Multi-factor authentication for all internal systems

• Encrypted backups with point-in-time recovery

• Network segmentation and firewall protection

• Continuous monitoring and anomaly detection

What Data We Collect

Account Information

Your Telegram user ID and display name to identify your account. We don't have access to your phone number or email unless you provide it.

Task & Project Data

The tasks, projects, and notes you create within Whatstask. This data is encrypted and only accessible to you and your team members.

Usage Analytics

Anonymous usage data to improve our service (feature usage, performance metrics). This data cannot be used to identify individual users.

What We Don't Collect

We never access your private Telegram messages, contacts, or any data outside of your direct interactions with the Whatstask bot.

Enterprise Security

Need additional security features? Enterprise plans include advanced security controls and compliance options.

SSO Integration

SAML 2.0 single sign-on support

Audit Logs

Detailed activity tracking

Custom DPA

Tailored data agreements

Learn About Enterprise

Have Security Questions?

Our team is here to answer any questions about our security practices. For security researchers, we welcome responsible disclosure of any vulnerabilities.

Contact Security Team security@whatstask.com