// Trust & Security Report

    Taskade Inc. logo

    Taskade Inc.

    Taskade is an AI-native workspace platform ("Taskade Genesis") combining real-time collaborative docs/tasks, AI agents, and no-code automation workflows, sold in Free/Pro/Business consumer-team tiers plus a separate Enterprise tier with SSO/SCIM/DPA.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    Google CASA (OWASP ASVS Level 2)
    HELD

    CASA certified, meeting OWASP Application Security Verification Standard (ASVS) Level 2

    Verify on taskade.com
    > Show 12 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    Compliance efforts in progress. Current practices are designed to align with SOC 2 requirements but certification is not yet complete.

    source: taskade.com
    ISO 27001
    NOT CONFIRMED

    Security management system aligned with international standards (certification in progress)

    source: taskade.com
    ISO 27017
    NOT CONFIRMED

    No public evidence: not mentioned on Taskade's trust center, security page, or privacy policy.

    source: trust.taskade.com
    ISO 27018
    NOT CONFIRMED

    No public evidence: not mentioned on Taskade's trust center, security page, or privacy policy.

    source: trust.taskade.com
    ISO 27701
    NOT CONFIRMED

    No public evidence: not mentioned on Taskade's trust center, security page, or privacy policy.

    source: trust.taskade.com
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence: not mentioned on Taskade's trust center or security page. No AI-governance-specific certification is claimed.

    source: trust.taskade.com
    GDPR
    NOT CONFIRMED

    Practices designed to align with General Data Protection Regulation principles (full compliance in progress)

    source: taskade.com
    CCPA
    NOT CONFIRMED

    Practices aligned with California Consumer Privacy Act requirements (compliance in progress)

    source: taskade.com
    HIPAA
    NOT CONFIRMED

    No public evidence: HIPAA is not mentioned anywhere on Taskade's trust center, security page, or privacy policy. No BAA is offered.

    source: trust.taskade.com
    PCI DSS
    NOT CONFIRMED

    No public evidence: not mentioned on Taskade's trust center or security page (payment processing is handled via a third-party processor, not disclosed as PCI DSS certified by Taskade itself).

    source: trust.taskade.com
    CSA STAR
    NOT CONFIRMED

    No public evidence: not mentioned on Taskade's trust center or security page.

    source: trust.taskade.com
    FedRAMP
    NOT CONFIRMED

    No public evidence: not mentioned on Taskade's trust center or security page.

    source: trust.taskade.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Primary infrastructure hosted on Amazon AWS in the US East region, with Cloudflare for content delivery; enterprise customers may be offered data residency preferences (specific alternate regions not disclosed).

    Taskade's own privacy policy states: 'We do not use or access your data for developing, improving, or training generalized or non-personalized AI and/or machine learning models.' For third-party AI providers (OpenAI, Anthropic, Google) used within the product, Taskade states it contractually prohibits them from training general models on customer data but discloses it 'cannot guarantee third-party compliance and disclaim liability for provider practices beyond our reasonable control.' No tier-based contradiction found between the security page and privacy policy on this point.

    // Security controls

    Encryption at rest

    Automated backups encrypted with AES-256; automation credentials stored in an encrypted vault (AES-256)

    taskade.com

    Encryption in transit

    Encrypted connections with SSL/TLS certificate validation; message-level encryption for document synchronization

    taskade.com

    SSO / Identity

    SAML 2.0 SSO integration, OAuth 2.0 and JWT token validation, multi-factor authentication (MFA) enforcement, SCIM 2.0 user provisioning

    taskade.com

    Monitoring

    24/7 SOC monitoring; immutable audit logs with tamper detection

    taskade.com

    Access control

    Row-level security (RLS) policies; unique network system authentication enforced; remote access encrypted; network firewalls utilized

    trust.taskade.com

    Endpoint/org security

    MDM system utilized; control self-assessments conducted

    trust.taskade.com

    // Products & data scope

    Taskade Workspace (Free / Pro / Business)Team collaboration, project/task management, real-time docs

    data: Team workspace content, tasks, documents, chat; standard AWS US-East hosting

    Core consumer/SMB product; no SSO/SCIM/DPA at these tiers per vendor security page.

    Taskade Genesis / AI Agents & WorkflowsAI agent builder, no-code automation (CRMs, dashboards, portals)

    data: Workspace data plus prompts/content passed to third-party model providers (OpenAI, Anthropic, Google) for inference

    Taskade states it does not train its own models on customer data and contractually restricts third-party model providers from training on it, but cannot guarantee third-party compliance.

    Taskade EnterpriseEnterprise collaboration/AI workspace

    data: Same workspace data model with added identity and compliance controls

    Adds SAML SSO, SCIM provisioning, MFA enforcement, and Data Processing Agreements; enterprise customers may get data residency preferences. This is the tier most relevant for compliance-conscious buyers.

    // What to watch

    • Vendor's own security page candidly discloses SOC 2 Type II, ISO 27001, GDPR, and CCPA are all 'in progress' / not yet certified as of this review - this is an honest disclosure, not an over-claim, but AIFOXX should not list these as held certifications.
    • No independent (non-vendor) confirmation of any cert status was found via web search; assessment relies entirely on vendor's own trust center and security page self-attestation.
    • HIPAA is not addressed at all (no BAA offering found) - treat as unsuitable for regulated health data workflows until stated otherwise.
    • Third-party AI model providers (OpenAI, Anthropic, Google) are used for inference; Taskade's no-training guarantee for these providers is contractual, not independently verified, and vendor itself disclaims liability for third-party non-compliance.
    • Trust center (trust.taskade.com) is a lightly-populated SafeBase-style page with most substantive detail redirecting to www.taskade.com/security; some trust center sections (Resources, Media) were sparse or crawler-inaccessible.

    // At a glance

    Pricing model

    Freemium SaaS (Free / Pro / Business / Enterprise tiers), subscription-based

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Taskade Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.taskade.com

    > Browse all vendor trust reports