// Trust & Security Report
Any.do Inc.
Task management and collaboration platform with personal, family, and team tiers. Includes task lists, calendar integration, AI assistant (does not train on customer data), integrations with 6000+ apps, and team collaboration features.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on any.do“Privacy policy states: 'access from Israel is covered by the Adequacy Decision issued by the European Commission about Israel.' GDPR data processing practices documented in privacy policy.”
> Show 5 unconfirmed / not-held certifications
source: any.doNo public evidence. Web search and vendor domain review found no mention of SOC 2 certification.
source: any.doNo public evidence. No ISO 27001 certification mentioned in privacy policy, help center, or public documentation.
source: any.doNo public evidence. Not mentioned in any accessible vendor documentation.
source: any.doNo public evidence. Not applicable for this vendor based on public documentation.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not publicly specified. Company headquartered in Tel Aviv, Israel. No data residency options mentioned.
Any.do explicitly states in their privacy policy: 'we do not use or retain data obtained through these APIs to train, improve, or develop non-personalized machine learning (ML) or artificial intelligence (AI) models.' The platform includes an AI assistant feature that does not train on customer data.
// Security controls
Encryption in Transit
Yes, stated as 'Data is encrypted in transit when syncing between devices and Any.do servers.' Specific standard (TLS version) not specified.
support.any.doEncryption at Rest
Not explicitly documented. Privacy policy mentions 'appropriate technical, organizational and security measures' but does not specify encryption at rest details.
any.doTwo-Factor Authentication
Available. Security code sent to email on new device session.
support.any.do// Products & data scope
data: Personal tasks, lists, reminders, calendar integration
Free tier available. Freemium model. No special security considerations vs team tier.
data: Shared family boards, grocery lists, household projects, family member tasks
Shared but private to family members. Same underlying infrastructure as personal tier.
data: Team projects, boards, task assignments, shared calendars, integrations with 6000+ apps
Paid tier. No mention of enterprise-grade security features or SLA-based support. Same compliance posture as personal tier.
// What to watch
- No enterprise-grade certifications (SOC 2, ISO 27001) despite 40M+ user base. Suggests product positioned for consumers/SMBs, not enterprise.
- Company has ~15 employees managing 40M+ users, indicating lean infrastructure team. Raises questions about security operations maturity.
- Encryption at rest not explicitly documented. Privacy policy only mentions 'appropriate measures' without specifics.
- No Data Processing Agreement (DPA) mentioned or linked in privacy policy. May hinder B2B enterprise sales requiring DPA.
- Privacy policy includes broad liability disclaimers: 'we cannot guarantee that the information will not be exposed as a result of unauthorized penetration to our servers.' This is a notable caveat on data protection promises.
- No dedicated trust center or security documentation page. Security information scattered across help articles and legal docs.
- Data center locations and infrastructure providers not publicly disclosed.
- No vulnerability disclosure program or bug bounty program mentioned.
- Headquartered in Israel (outside EU/US data hub). May trigger data residency concerns for some enterprise customers despite adequacy decision.
// At a glance
Pricing model
Freemium with paid premium tiers. No per-seat pricing detailed in public docs.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Any.do Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
any.do