Skip to content
TapTidy
Privacy by design
HomeSecurity

Security and privacy

A task app should explain its trust model in plain language.

TapTidy is built around offline-first storage, optional end-to-end encryption, and a smaller telemetry surface than the average subscription task app. This page is the shortest honest version of that model.

Offline-first writes AES-256-GCM E2EE in Pro Zero telemetry defaults in Pro
Diagram showing tasks encrypted on-device, relayed through the server as sealed packets, and decrypted on the recipient device.
When E2EE is enabled, task content is encrypted before it leaves your device.
Explicit server visibility model E2EE available in Pro Open sync where it matters

What the server can see

Enough to operate the service.

Account identity, subscription status, and operational metadata exist so TapTidy can authenticate you, enforce plan limits, and keep the service running.

What the server should not need

Your private task content on Pro with E2EE enabled.

When end-to-end encryption is enabled, task contents are encrypted on-device and decrypted on-device. The server becomes a transport and storage layer for ciphertext.

What differs by plan

Telemetry defaults, not ownership of your data.

TapTidy does not train models on your task data on any tier. Pro adds zero-telemetry defaults and the stronger encrypted-content posture.

Threat model

TapTidy is optimized for ordinary privacy pressure, not espionage marketing.

  • Offline-first local writes reduce dependency on constant cloud reachability.
  • Encrypted content in Pro reduces what the hosted service can read.
  • Direct APK distribution supports users who do not want Play Store dependency.
  • Open standards reduce lock-in and make export and interoperability easier.

AI and telemetry

Task data is not training fuel.

TapTidy does not use your task contents to train machine-learning models. Product telemetry is narrower than typical SaaS patterns, and Pro defaults to zero telemetry.

Control surface

The parts of the model most people want summarized.

These are the trust levers users usually care about before putting real household or personal planning data into an app.

TapTidy security controls at a glance
Area TapTidy posture What that means
Task storage Offline-first local storage Your device stays authoritative for writes, even without connectivity.
Encrypted task content E2EE in Pro Task contents can be encrypted before the server ever sees them.
Telemetry defaults Zero telemetry default in Pro Pro removes ordinary analytics and crash-reporting defaults unless you explicitly opt in.
AI training Never on your task data Your tasks are not repurposed for model training.
Android distribution Standard and no-Google APKs You can choose the dependency profile you are comfortable with.
Open standards CalDAV / WebDAV support Interoperability is part of the product story, not an afterthought.

Security FAQ

The objections security-conscious evaluators usually have.

This is where people typically ask whether the privacy claims are marketing copy or something enforceable in the product architecture.

No. TapTidy does not use your task data to train machine-learning models. That is true on every tier.

If the privacy model matters, the product model should match it.

TapTidy is built to feel calmer than the average cloud task app, but the trust story is concrete: local-first writes, optional encrypted content, and smaller telemetry defaults.

Download Android Or start in the web app first if you want to evaluate the workflow.