Security & privacy model
What TapTidy encrypts, what our servers can see, and what the Pro Privacy tier actually does — in plain language.
On-device encryption
Pro tasks are encrypted on your device before they leave it. TapTidy servers store ciphertext only.
No AI training
Your task content is never used to train machine learning models — on any tier, ever.
Pro Privacy: zero telemetry
Analytics, crash reporting, and Firebase are all disabled. No telemetry leaves your device.
End-to-end encryption
On Pro and Pro Privacy tiers, TapTidy encrypts your tasks on your device using your encryption key before transmitting anything to our servers. This means:
- TapTidy servers receive and store only ciphertext — encrypted blobs with no readable content
- Without your key, TapTidy cannot read your task titles, descriptions, due dates, or any other field
- Encryption and decryption happen entirely on your devices (web browser or Android app)
- Multi-device sync works by distributing your encrypted key to your authorized devices — not by sending your key to our servers in plaintext
On the Free tier, tasks are stored with server-side encryption (industry-standard AES-256 at rest), which means TapTidy servers can decrypt them. This is the same model used by virtually all free-tier task apps.
Key rotation
TapTidy Pro supports encryption key rotation — the ability to generate a new encryption key and re-encrypt your data with it. You should rotate your key if:
- You suspect a device was compromised
- You remove a device from your account
- You want to revoke access for a previously trusted device
Key rotation is available from Account Settings and does not require contacting support. Rotating your key does not delete your tasks — it re-encrypts them with the new key and invalidates the old key on all previously authorized devices.
Pro Privacy tier: what's disabled
Pro Privacy is identical to Pro in every feature — but with all telemetry disabled at the SDK level, not just at the settings level.
| Signal | Free | Pro | Pro Privacy |
|---|---|---|---|
| Analytics events | Enabled | Enabled | Disabled |
| Crash reporting | Enabled | Enabled | Disabled |
| Firebase Cloud Messaging | Allowed | Allowed | Not initialized |
| Real-time push sync | ✗ | FCM (Pro) | Socket.IO (Privacy) |
| Google Play Services required | No | Standard build: Yes | No — Privacy APK |
Pro Privacy users should also download the Privacy APK build from the download page — this build is compiled without Firebase SDK, Google Play Services dependencies, or any Google libraries. The Standard APK still supports FCM even if you're on Pro Privacy.
What TapTidy servers can see
On the Free tier
Your task content is stored encrypted at rest (AES-256) but is decryptable by TapTidy servers. We can see task titles, descriptions, due dates, tags, and project names. We do not read this data except for the purpose of serving it back to you, diagnosing bugs you report, or as required by law.
On Pro and Pro Privacy
Your task content is end-to-end encrypted on your device. TapTidy servers receive and store ciphertext only. We cannot read your task titles, descriptions, due dates, tags, or any task content field. We can see metadata such as your account email, device count, sync timestamps, and subscription status — but not the content of your tasks.
AI and machine learning
TapTidy does not use your task content to train machine learning models — on any tier. This applies to:
- Task titles, descriptions, and metadata
- Natural language capture input strings
- Email-to-task email content
- CalDAV-synced calendar data
The natural language capture engine is a deterministic Rust parser — it runs on your device and does not send your input to a cloud AI service. It does not learn from your data or improve based on usage patterns.
Data retention
- Active account data is retained for as long as your account exists
- Deleted tasks are purged from servers within 30 days of deletion
- Account deletion triggers immediate removal of all task data from active servers
- Automated backups (Pro+) are retained for 90 days, then permanently deleted
- Analytics and crash reporting data (Free and Pro) is retained for 90 days
- Pro Privacy: no analytics or crash data is collected, so there is nothing to retain
To request account and data deletion, visit /data-deletion or contact us at /contact.
Reporting a vulnerability
If you believe you've found a security vulnerability in TapTidy, please report it responsibly via our contact page rather than publicly disclosing it. We aim to acknowledge reports within 72 hours and provide a timeline for remediation.