Trust

Security

This page describes the security practices Task Machine uses to protect product and website data. It should be read together with our Privacy Policy.

Last updated: 22 June 2026

Infrastructure security

Task Machine runs on managed infrastructure for application hosting, database storage, object storage, email delivery, monitoring, and backups. We keep the setup intentionally small, limit production access, and review infrastructure changes before they affect users.

Public traffic is served over HTTPS, and production access is restricted to the people and systems that need it. Backup and restore checks are part of regular operating practice.

Data in transit

All traffic to taskmachine.io and the application is served over HTTPS using modern TLS. Plaintext requests are redirected to HTTPS.

Data at rest

Application data is stored in Scaleway Managed Database for PostgreSQL. Uploads, generated artifacts, skill bundles, and backup material are stored in Scaleway Object Storage. Access is restricted to the systems and operators that need it, and retention windows are documented.

Access control

Access to production systems and customer data is limited to the people who need it to operate the service. Sessions are carried in signed cookies, and forms are protected against cross-site request forgery.

Inside a workspace, permissions and approval steps let you control who, human or agent, can take which actions and where a human sign-off is required before work continues.

Application security

The application sets secure HTTP headers, including a content security policy, and is kept current with security updates to its framework and dependencies.

Agents, runtimes, and model providers

Task Machine coordinates humans, agents, approvals, and runtimes. Work may be processed by third-party language model and agent providers under their own terms and security practices.

Agent and tool outputs can be incomplete or wrong. Approval steps and verifiers are there so a human or a check can sign off before an output is used or an action is taken.

Compliance and certifications

Task Machine is operated from Spain and processes personal data under the EU General Data Protection Regulation. Details of how we handle personal data are in our Privacy Policy.

Task Machine is an early-stage product in private beta and does not yet hold formal third-party certifications such as SOC 2 or ISO 27001. We will not claim certifications we do not hold. Data processing agreement and subprocessor information is available on request where required.

Incident response

If we become aware of a security incident affecting personal data, we investigate, take steps to contain it, and notify affected users and the competent authorities where the law requires it.

Responsible disclosure

If you believe you have found a security vulnerability, please report it to security@taskmachine.io rather than disclosing it publicly. We will look into valid reports and ask that you give us a reasonable chance to address the issue first.

Contact

For security questions, email security@taskmachine.io. Personal data is handled under the Privacy Policy.