Data security, GDPR and responsible handling of personal data.
HereTask is built with security and compliance as its foundation. We follow GDPR and ISO/IEC 27001 requirements, ensuring all data is processed confidentially and stored within the EU or the customer's own country. Our platform is hosted with certified local providers, giving you full data sovereignty, transparency and peace of mind.
We take data security and compliance seriously.
Data security and compliance are an integral part of our business and key to the trust we want to build with our customers and partners. HereTask works systematically to comply with all applicable requirements and standards for information security — and to ensure that no third parties gain unauthorised access to customer data.
The platform is hosted locally with certified regional hosting partners — not on large public cloud services. All data is handled exclusively on local servers, ensuring it never leaves the country or region. This gives our customers maximum control, data sovereignty and GDPR compliance.
Encryption
All data traffic is encrypted with TLS (HTTPS) and 256-bit SSL to secure data in transit.
Logging
We log all API calls, user access and system activities — with central and secure storage.
Access procedures
Access to production environments and customer data is restricted and regulated through strict internal procedures.
Background checks
All technical staff undergo security screening and work with individual access keys and monitoring when accessing facilities.
Data location and vendors
All customers only have access to data located with certified hosting providers within the EU.
Remote access
System access is via secure remote connections. Local storage of sensitive data is not permitted.
Backup
All data is backed up daily and stored encrypted in separate environments.
Hardware handling
All equipment is reset to factory settings before reuse. Destruction is carried out in accordance with industry security standards.
ISO/IEC 27001
HereTask is actively working to implement ISO/IEC 27001 — the international standard for information security management systems (ISMS). The standard ensures a systematic and documented approach to data protection, risk assessment and continuous improvement.
Working with ISO 27001 supports our goal of offering a secure, stable and transparent platform for use in government organisations and among private providers in the healthcare sector. Our policies, procedures and controls are based on both regulatory recommendations and international best practice.
HereTask expects to achieve ISO/IEC 27001 certification during 2026. Already today, large parts of the standard's requirements are an integral part of our daily operations and development work.
Certification is a natural extension of our focus on GDPR and responsible data processing — and is intended to give our customers full transparency and trust in the partnership.
General Data Protection Regulation
HereTask complies with the EU General Data Protection Regulation (GDPR) and works systematically to ensure that personal data is processed lawfully, transparently and securely — regardless of the customer's geographical location.
We have implemented technical and organisational security measures that protect data against unauthorised access, modification, loss or accidental disclosure. This applies both to our own systems and to our collaboration with sub-processors.
In all customer relationships, HereTask acts as a data processor, while our customers are data controllers. We therefore always enter into a data processing agreement that meets the requirements of GDPR and is based on standard contractual clauses.
We log and monitor all access and processing activities, and our employees are subject to confidentiality agreements and have completed relevant training in data protection.
Read our Privacy Policy and Security Assessment.