Data Handling Policy

TaskVerified is built on the principle that you own your work. We provide a bridge between project management and permanent ownership. While we provide secure platform storage by default, our "Sovereign Storage" model allows you to archive deliverables directly to your own Google Drive or OneDrive.

Every single byte uploaded to TaskVerified—from high-stakes tax forms and legal contracts to final project deliverables—is automatically encrypted at rest using industry-standard AES-256 encryption.

We operate on a "Trust the Platform" model, where TaskVerified securely manages encryption keys. This balance allows us to provide powerful automated services like "The Robot PM" without compromising security.

• Automated Success Criteria: Our systems verify file types and counts for milestones.
• Instant Previews: Securely generate thumbnails and previews for your work.
• Forensic Search: Quickly find files across your entire project history.
• Data Recovery: We maintain a robust key recovery protocol to ensure zero data loss.

Access to your data is strictly audited and limited to only what is necessary for platform operations.

• Short-Lived Signed URLs: Files are never public. We use 1-hour secure tokens for every access request.
• Tamper-Proof Audit Trails: Every view, download, or archival event is logged with SHA-256 verification.
• Staff Isolation: No TaskVerified employee can manually view your files unless explicitly requested for support purposes.

We don't just store files; we sanitize them.

• In-Flight Malware Scanning: Every upload is scanned in a quarantine state before being cleared.
• EXIF Privacy Stripping: We automatically remove GPS and device metadata from professional images.
• SVG Sanitization: Vector files are scrubbed of potentially malicious scripts.

Beyond file storage, your core professional identity and account details are protected by a secondary layer of field-level encryption.

• PII Guard: Sensitive fields like Legal Names, Tax IDs, and Payout Details are encrypted before they even reach our persistent database.
• Contact Privacy: Your mobile number and verified contact details are stored in an encrypted state, accessible only when vital for platform notifications.
• Secure Tax Handling: Legal addresses and tax residency data are handled with the same high-level cryptographic standards as project deliverables.

We follow a "Handshake Verification" model for data deletion to ensure zero storage leakage and full legal compliance.

• 7-Day Trial Scrub: To minimize data liability, all files and metadata for trial users are hard-purged 7 days after account inactivity or trial cancellation.
• 90-Day Paid Hibernation: Lapsed paid accounts are preserved for 90 days. During this window, you can restore your subscription to regain access to all project data.
• 180-Day Compliance Hold: For all paid transactions, we maintain an immutable 180-day audit log hold after account closure to satisfy financial and regulatory requirements.
• The Storage Handshake: We never delete a database record until our storage providers (Cloudflare R2 and Google Drive) confirm the physical files have been successfully wiped.