How I keep your data safe v2.0
Last updated: March 26, 2026 · Effective: April 26, 2026 · Security capabilities built into the TaskZilla software product.
The short version 🦖: you deploy and operate the instance; I ship the locks already installed. Sandboxed agents, scoped secrets, HITL gate on anything risky, silence means no. Compliance-ready by design — the detailed version starts below.
Product Model
TaskZilla is a self-hosted software product. You deploy and operate it on your own infrastructure. TaskZilla B.V. does not host customer instances and does not have access to customer data. The security capabilities described on this page are built into the software — the deploying organization operates and is responsible for their instance's security posture.
Infrastructure (Customer-Operated)
The following infrastructure security features are built into the TaskZilla software and apply to the deploying organization's instance:
- Hosting — Customer chooses their own hosting provider. We recommend EU-based cloud infrastructure (e.g., Hetzner, Germany) to simplify GDPR compliance.
- Encryption in transit — TLS 1.2+ on all connections (HTTPS enforced with automatic certificate renewal).
- Encryption at rest — Secrets vault uses file-level encryption with strict access controls. Database backups are encrypted.
- Backups — Automated daily backups with numbered rotation. Recovery tested periodically.
- Network isolation — Services communicate over private networks where possible. Public endpoints are fronted by a reverse proxy with rate limiting.
Application Security
- Authentication — Token-based authentication with scoped API keys per integration. Auth tokens are never logged or exposed in error messages.
- Secrets management — Centralized secrets vault with audit logging. No secrets in environment variables, code, or logs. Secrets are loaded at runtime via secure references.
- Input validation — All external inputs are validated and sanitized before processing. Prompt injection mitigations are applied to AI inputs.
- Sandboxing — Agent executions run within a sandboxed environment with filesystem restrictions, timeout enforcement, and concurrency locks.
- Concurrency controls — Rate limits, per-agent concurrency caps, and timeout enforcement on all operations.
- Dependency management — Dependencies are pinned and reviewed. No arbitrary code execution from untrusted sources.
AI & Data Handling
- No training on your data — We do not use your workspace content to train, fine-tune, or improve any AI models.
- Prompt minimization — Prompts sent to external LLM providers are minimized for PII. We strip or pseudonymize personal data where possible before sending to non-EU providers.
- Observability caps — All AI inputs are strictly capped per field in observability pipelines to prevent data leakage into tracing systems.
- Memory isolation — AI memory systems store decisions and patterns — never raw secrets, credentials, or passwords. Memory is workspace-scoped and accessible only to authorized users within that workspace.
- Automated decay — AI memory entries are subject to time-based and relevance-based decay, ensuring stale data is automatically cleaned up.
- Right to deletion — All AI memory (including vector embeddings and knowledge graph entries) can be fully deleted on request.
Human-in-the-Loop (HITL) Security Gate
TaskZilla enforces mandatory human approval for high-risk AI actions using a risk-scored HITL gate. Every action is classified on three dimensions:
- Reversibility (0–2) — can the action be undone?
- Blast radius (0–2) — does it affect a single item, a workspace, or external systems?
- Data sensitivity (0–2) — does it involve public info, internal content, or credentials/PII?
Combined score (0–6) determines the control level:
- Score 4–6 (high risk) — HITL required. Action is paused, approver is notified, and the action proceeds only with explicit approval. If no approval is received within 5 minutes (configurable), the action is denied by default (fail-safe). Includes: memory deletion, secrets rotation, external message delivery, bulk operations, cron changes, data exports, credential modifications, server-side script execution.
- Score 2–3 (medium risk) — configurable. Workspace administrators choose whether to require approval or auto-execute. Includes: single task reassignment, standup delivery, new memory writes, priority changes.
- Score 0–1 (low risk) — auto-approved. Logged for audit. Includes: memory reads, task queries, internal report generation.
EU AI Act high-risk escalation: Any action whose context could reasonably be interpreted as a high-risk use case under Annex III of the EU AI Act is automatically escalated to HITL regardless of its base score. This includes: employment/recruitment/termination decisions, legal effects on individuals, profiling/scoring/ranking people, access to education or vocational training, access to essential services, and creditworthiness/insurance/eligibility determinations. This escalation cannot be bypassed or disabled — it is a hard gate enforced at the system level.
Prohibited practices (Article 5) are blocked outright — no HITL override is possible for social scoring, biometric identification, subliminal manipulation, or exploitation of vulnerabilities.
All HITL decisions (approvals, denials, timeouts) are recorded in an immutable audit log with timestamp, action type, risk score, escalation reason, approver identity, and resolution.
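To make the gate rules above concrete, here is an added illustration (not TaskZilla's own code) of the scoring, thresholds, Annex III escalation, Article 5 block, default-deny timeout and audit record described in this section. The `Action` type, field names and the 300-second default are assumptions for the example; the thresholds and log fields follow the text.

```python
# Added example, not TaskZilla's implementation: a risk-scored HITL gate
# as described above. Action/field names are assumptions for illustration.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple

TIMEOUT_SECONDS = 300  # "5 minutes (configurable)"; silence means no


@dataclass(frozen=True)
class Action:
    kind: str
    reversibility: int       # 0-2: can the action be undone?
    blast_radius: int        # 0-2: single item / workspace / external systems
    data_sensitivity: int    # 0-2: public / internal / credentials or PII
    annex_iii: bool = False  # context falls under EU AI Act Annex III
    article_5: bool = False  # prohibited practice under EU AI Act Article 5


def risk_score(a: Action) -> int:
    dims = (a.reversibility, a.blast_radius, a.data_sensitivity)
    if any(d not in (0, 1, 2) for d in dims):
        raise ValueError("each dimension must be scored 0-2")
    return sum(dims)  # combined score 0-6


def control_level(a: Action, medium_requires_approval: bool = False) -> Tuple[str, str]:
    """Return (level, escalation_reason): level is blocked / hitl / auto."""
    if a.article_5:                      # hard block, no HITL override
        return "blocked", "EU AI Act Article 5 prohibited practice"
    if a.annex_iii:                      # escalated regardless of base score
        return "hitl", "EU AI Act Annex III high-risk context"
    score = risk_score(a)
    if score >= 4:
        return "hitl", f"high risk score {score}"
    if score >= 2:                       # medium: workspace admin chooses
        return ("hitl" if medium_requires_approval else "auto"), f"medium risk score {score}"
    return "auto", f"low risk score {score}"


def resolve(a: Action, approver: Optional[str], approved: Optional[bool],
            waited_s: float, medium_requires_approval: bool = False) -> dict:
    """Apply the gate and return the audit record for the decision.
    approved=None means no explicit answer arrived; fail-safe is deny."""
    level, reason = control_level(a, medium_requires_approval)
    if level == "blocked":
        resolution = "blocked"
    elif level == "auto":
        resolution = "auto_approved"        # still logged for audit
    elif approved is None or waited_s > TIMEOUT_SECONDS:
        resolution = "denied_timeout"       # default deny on silence
    else:
        resolution = "approved" if approved else "denied"
    return {"timestamp": datetime.now(timezone.utc).isoformat(),
            "action_type": a.kind, "risk_score": risk_score(a),
            "escalation_reason": reason, "approver": approver,
            "resolution": resolution}
```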
Access Controls
- Principle of least privilege — Each integration and service account has only the permissions required for its function.
- Scoped API keys — Integration tokens are scoped to specific services and can be revoked individually.
- Audit trail — All secrets access, administrative actions, HITL decisions, and configuration changes are logged with timestamps in an immutable, append-only log. Audit logs include: timestamp, actor, action type, input summary, output summary, risk score, HITL decision, and escalation reason where applicable. Logs are encrypted at rest, retained for 7 years (or as required by local law), and access-controlled. Users may request audit logs related to their account by contacting security@taskzilla.ai. Audit logs are subject to GDPR data subject access requests (Art. 15).
- Session management — Automated weekly session cleanup to prevent context bloat and stale session data.
Monitoring & Incident Response
- Self-heal system — Automated weekly self-heal runs with 26 known issue detections and auto-remediation (TROUBLESHOOT.md).
- Error handler — Global alert system with retry-once logic and voting-based triage.
- Observability — AI operations are traced for performance monitoring and debugging (with strict input caps for privacy).
- Breach response — The deploying organization is responsible for breach notification under GDPR (72 hours to supervisory authority per Art. 33, notification to affected individuals per Art. 34). TaskZilla's audit logging and monitoring tools support breach investigation and response.
EU AI Act & GDPR — Compliance-Ready by Design
TaskZilla is designed to be deployed in GDPR and EU AI Act compliant environments. The deploying organization is responsible for their own regulatory compliance. The software includes the following built-in capabilities to support that goal:
- AI risk classification — TaskZilla is designed as a limited-risk AI system under Regulation (EU) 2024/1523, with all Article 50 transparency features built in.
- Data residency — The deploying organization chooses their hosting location. The software supports EU-only deployments and can be configured to use self-hosted AI models, avoiding international data transfers entirely.
- Privacy by design — Data minimization, pseudonymization, automated decay, and sandbox isolation are built into every layer.
- Human oversight — All AI-generated outputs can be overridden, modified, or disabled by workspace administrators. High-risk actions require explicit human approval via HITL gate (see above).
- Right to erasure — AI memory systems support full data deletion, including derived embeddings and knowledge graph entries.
- Data export — Built-in compliance export capability for data portability and audit purposes.
- Zero hardcoded data — Enterprise sanitization ensures no customer-specific values are hardcoded in the software (828 sanitization fixes validated). All configuration is via environment variables.
Customer responsibilities: The deploying organization must sign DPAs with their chosen third-party providers (LLM APIs, cloud hosting, project management tools), conduct their own DPIA where required, establish lawful bases for processing, and publish their own privacy policy covering their deployment.
Responsible Disclosure
We take security seriously. If you discover a vulnerability in TaskZilla:
- Report it to security@taskzilla.ai or via support.taskzilla.ai.
- Include a clear description, steps to reproduce, and any proof-of-concept (if possible).
- We will acknowledge receipt within 48 hours and provide an initial assessment within 5 business days.
- We ask that you give us reasonable time (at least 90 days) to address the issue before public disclosure.
- We will not take legal action against security researchers acting in good faith.
Questions about how I handle security? Email security@taskzilla.ai or ping support.taskzilla.ai — I read every one.