Home Features Encryption
Feature

End-to-end encryption

Your tasks are encrypted on your device before they leave it. TapTidy servers store only ciphertext — we cannot read your tasks, titles, due dates, tags, or any other field.

Try it free → Full security model
🔐

On-device encryption

Encryption and decryption happen entirely on your devices. The TapTidy server never touches your plaintext.

🔑

Key rotation

Rotate your encryption key at any time from Account Settings. Old keys are invalidated on all devices. No data is lost — tasks are re-encrypted with the new key.

📵

Pro Privacy: zero telemetry

Pro Privacy goes further — disabling all analytics, crash reporting, and Firebase. The Privacy APK build contains no Google SDKs whatsoever.

How E2E encryption works

When you enable end-to-end encryption (automatic on Pro and Pro Privacy), TapTidy generates an encryption key stored only on your authorized devices. Before any task is transmitted to our servers, it is encrypted with this key. Our servers receive and store only the encrypted blob — ciphertext that is unreadable without the key.

What TapTidy can and cannot see

On Pro and Pro Privacy

TapTidy servers cannot read your task content. We can see metadata: your account email, device count, sync timestamps, and subscription status — but not the content of any task field.

On the Free tier

Tasks are stored with server-side AES-256 encryption at rest — the industry standard for free-tier apps. This means TapTidy servers can decrypt your data. We don't read it except to serve it back to you or diagnose bugs you report.

For the full disclosure, read the Security page →

Key rotation

If you suspect a device was compromised, removed a device from your account, or simply want to revoke access for a previously trusted device, you can rotate your encryption key from Account Settings. No support ticket required.

Rotating your key:

No AI training on your data

TapTidy does not use task content to train machine learning models — on any tier. On Pro and Pro Privacy, this is technically enforced by the encryption: even if we wanted to, we couldn't read your tasks to train on them.

Read the AI & ML policy →

Encryption questions

Is TapTidy end-to-end encrypted?
TapTidy Pro and Pro Privacy include end-to-end encryption (currently in beta). Tasks are encrypted on your device using AES-256-GCM before transmission. TapTidy servers store only ciphertext and cannot read your task content — titles, descriptions, due dates, tags, or any other field.
What encryption algorithm does TapTidy use?
TapTidy uses AES-256-GCM for task encryption with device-side key management. Encryption and decryption happen locally on your device using the Web Crypto API (web) and the native Android crypto stack. The encryption key is never transmitted to TapTidy servers — only the encrypted ciphertext is uploaded.
Does TapTidy use my tasks to train AI?
No. TapTidy does not use task content to train machine learning models on any tier. On Pro and Pro Privacy, this is technically enforced by the encryption — TapTidy servers cannot read your task content even if they wanted to.
What is TapTidy Pro Privacy?
Pro Privacy ($7/month or $67/year) adds zero analytics, no crash reporting, and no Firebase Cloud Messaging on top of everything in Pro. The Android Privacy APK build contains no Google SDKs. Real-time sync uses UnifiedPush with Socket.IO as a fallback. Designed for users who want complete zero-telemetry operation.

Privacy by default — try TapTidy free

E2E encryption on Pro. Zero telemetry on Pro Privacy. Free to start.

Create your free account →
or view pricing