End-to-end encryption
Your tasks are encrypted on your device before they leave it. TapTidy servers store only ciphertext — we cannot read your tasks, titles, due dates, tags, or any other field.
On-device encryption
Encryption and decryption happen entirely on your devices. The TapTidy server never touches your plaintext.
Key rotation
Rotate your encryption key at any time from Account Settings. Old keys are invalidated on all devices. No data is lost — tasks are re-encrypted with the new key.
Pro Privacy: zero telemetry
Pro Privacy goes further — disabling all analytics, crash reporting, and Firebase. The Privacy APK build contains no Google SDKs whatsoever.
How E2E encryption works
When you enable end-to-end encryption (automatic on Pro and Pro Privacy), TapTidy generates an encryption key stored only on your authorized devices. Before any task is transmitted to our servers, it is encrypted with this key. Our servers receive and store only the encrypted blob — ciphertext that is unreadable without the key.
- Task titles, descriptions, due dates, tags, notes — all encrypted
- Multi-device sync works by distributing your encrypted key to authorized devices, not by sending plaintext to the server
- Encryption runs in the browser (Web Crypto API) and in the native Android app
- The same Rust core handles cryptographic operations on both platforms for consistency
What TapTidy can and cannot see
On Pro and Pro Privacy
TapTidy servers cannot read your task content. We can see metadata: your account email, device count, sync timestamps, and subscription status — but not the content of any task field.
On the Free tier
Tasks are stored with server-side AES-256 encryption at rest — the industry standard for free-tier apps. This means TapTidy servers can decrypt your data. We don't read it except to serve it back to you or diagnose bugs you report.
For the full disclosure, read the Security page →
Key rotation
If you suspect a device was compromised, removed a device from your account, or simply want to revoke access for a previously trusted device, you can rotate your encryption key from Account Settings. No support ticket required.
Rotating your key:
- Generates a new key on your current device
- Re-encrypts all your tasks with the new key
- Invalidates the old key on all previously authorized devices
- Does not delete any task data
No AI training on your data
TapTidy does not use task content to train machine learning models — on any tier. On Pro and Pro Privacy, this is technically enforced by the encryption: even if we wanted to, we couldn't read your tasks to train on them.
Read the AI & ML policy →