encrypted at rest
Task descriptions, notes and subtask titles are encrypted under a per-group key. Even at the database layer, your sensitive content is not sitting in plain text.
// security
Encryption at rest, a managers-only vault, two-factor and step-up auth — built in, on every tier, never an upsell.
Task descriptions, notes and subtask titles are encrypted under a per-group key. Even at the database layer, your sensitive content is not sitting in plain text.
Keep credentials and secrets in a vault that only managers can reveal — auto-relocking after a couple of minutes, and never sent anywhere it does not need to go.
TOTP two-factor on your account, plus step-up re-authentication that guards the few actions that really matter — revealing the vault, deleting data, inviting admins.
Export everything, any time, in open formats. No lock-in, no hostage data. Built in on every tier — never an upsell.
// principles
Privacy is the default; the heavier security controls are there the moment you want them — IP allowlists, trusted devices, re-auth windows.
Extensions and integrations stay inert until you switch them on. Nothing phones home that you did not enable.
The vault is never transmitted to AI or third parties. Encrypted fields are decrypted only when, and where, they must be.