Trust & Security

Protecting your data is fundamental to everything we build. Task360 is designed from the ground up with enterprise-grade security, compliance, and reliability.

Infrastructure Security

Task360 is hosted on Amazon Web Services (AWS), one of the world's most secure and reliable cloud platforms. AWS data centers maintain industry-leading physical security controls, including 24/7 monitoring, biometric access, and multi-layered perimeter protection.

  • Cloud Provider: Amazon Web Services (AWS) with data centers across multiple regions
  • Redundancy: Multi-availability zone deployment for high availability and fault tolerance
  • Uptime: 99.9% uptime SLA for all paid plans
  • Backups: Automated daily backups with point-in-time recovery capability
  • Disaster Recovery: Geographically distributed backup storage with documented recovery procedures

Data Encryption

All customer data is encrypted both in transit and at rest using industry-standard encryption protocols.

  • In Transit: All data transmitted between your browser/device and Task360 servers is encrypted using TLS 1.2+ (HTTPS)
  • At Rest: All stored data, including databases and file storage, is encrypted using AES-256 encryption
  • Key Management: Encryption keys are managed through AWS Key Management Service (KMS) with strict access controls

Access Controls

Task360 enforces strict access controls at every level, from how your team accesses the platform to how our own engineers access infrastructure.

  • Role-Based Access Control (RBAC): Granular permissions allow administrators to control exactly what each user can see and do within the platform
  • Multi-Factor Authentication (MFA): Available for all accounts to add an extra layer of protection beyond passwords
  • Single Sign-On (SSO): Integration with your existing identity provider for centralized authentication management
  • Session Management: Automatic session timeouts and the ability to revoke active sessions remotely
  • Audit Logging: Comprehensive logs of all user actions, login attempts, and administrative changes

Internal Security Practices

Security is embedded in our development and operational processes, not bolted on as an afterthought.

  • Least Privilege Access: Task360 employees are granted the minimum access necessary to perform their roles, with regular access reviews
  • Secure Development Lifecycle: Code reviews, static analysis, and security testing are part of every release
  • Dependency Management: Automated scanning for vulnerabilities in third-party libraries and dependencies
  • Employee Training: All team members complete security awareness training on a regular basis

Compliance

Task360 is committed to meeting the regulatory and compliance requirements that matter to your organization.

  • GDPR: Fully compliant with the EU General Data Protection Regulation. We act as a data processor on behalf of our customers and provide Data Processing Agreements (DPAs) upon request
  • KVKK: Compliant with Turkish Personal Data Protection Law No. 6698
  • SOC 2 Type II: Our infrastructure provider (AWS) maintains SOC 2 Type II certification, and Task360 follows SOC 2 principles in our own operations
  • ISO 27001: Our security management practices are aligned with ISO 27001 standards for information security management

Data Residency & Privacy

We understand that where your data lives matters. Task360 provides transparency and control over data residency.

  • Data Location: Customer data is stored in AWS data centers within the EU region by default. Custom data residency options are available for Enterprise plans
  • Data Ownership: Your data belongs to you. Task360 does not sell, share, or use customer data for any purpose other than providing the service
  • Data Portability: Export your data at any time in standard formats (CSV, JSON)
  • Data Deletion: Upon account termination, all customer data is permanently deleted within 30 days, with certification available upon request

Incident Response

Task360 maintains a documented incident response plan to ensure rapid detection, containment, and resolution of security events.

  • 24/7 Monitoring: Automated monitoring and alerting for suspicious activity, performance anomalies, and potential threats
  • Response Team: A dedicated security response team is on-call to investigate and respond to incidents
  • Customer Notification: In the event of a confirmed data breach affecting customer data, affected customers will be notified within 72 hours as required by GDPR
  • Post-Incident Review: Every security incident is followed by a thorough review and remediation to prevent recurrence

Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue in Task360, please report it to our security team. We ask that you give us reasonable time to address the issue before making any public disclosure.

Contact Our Security Team

If you have security questions, need a Data Processing Agreement, or want to report a vulnerability, please reach out:

  • Security Email: support@task360.app
  • Phone: +90 (216) 575 60 70
  • Address: Ihlamurkuyu Mh. Gümüşsuyu Cd. Meral Plaza No:5 K:7 34771 Ümraniye, İstanbul / Türkiye