Security
Task Ember is built with security as a foundational principle, not an afterthought. Here's how we protect your data and Azure resources.
Authentication and Access Control
- Microsoft Entra ID (formerly Azure Active Directory) and Google OAuth 2.0 for identity
- JWT-based sessions with 24-hour expiry and automatic token refresh
- Role-based access control: Owner, Admin, User roles with granular permissions
- Multi-tenant isolation via subdomain routing with session-tenant validation
- All server actions verify authentication before execution
Data Protection
- All data encrypted at rest in Azure Cosmos DB and Azure Blob Storage
- TLS 1.2+ encryption for all data in transit
- Azure Key Vault for storing sensitive credentials (BYOAR secrets, API keys)
- Azure Managed Identity for service-to-service authentication (no keys in application code)
- Parameterised database queries throughout: user input is bound as a query parameter, never concatenated into query text, which closes the injection route through the Cosmos DB SQL API
Infrastructure Security
- Hosted entirely on Microsoft Azure (UK South region)
- Azure API Management (APIM) as the gateway for webhook endpoints
- DNS rebinding protection on outbound HTTP requests from Azure Functions
- Private IP blocking to prevent SSRF attacks via the HTTP executor
- Rate limiting on all user-facing endpoints (Cosmos DB-persisted for multi-instance safety)
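The two SSRF bullets above describe a standard pattern: resolve the hostname once, refuse any address in a private, loopback, link-local or multicast range (the Azure instance-metadata endpoint 169.254.169.254 is link-local), and connect to the address that was checked rather than letting the HTTP client resolve the name a second time, which is the window a DNS rebinding attack exploits. The following is an added example of that guard written for this page; it is not Task Ember's code, and the resolver injection, function names and blocked-range table are the example's own choices.

```typescript
// Added example, not Task Ember's code: an outbound-request guard with
// private-range blocking and DNS pinning against rebinding.
import { lookup } from "node:dns/promises";
import { isIP } from "node:net";

type Resolver = (host: string) => Promise<string[]>;
// Default resolver asks for every record; injectable so tests run offline.
const systemResolver: Resolver = async (host) =>
  (await lookup(host, { all: true })).map((r) => r.address);

// Ranges a user-supplied URL must never reach: [network, prefix length].
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["224.0.0.0", 4], ["240.0.0.0", 4],
];

function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

function inBlock(ip: string, net: string, bits: number): boolean {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
}

function isBlockedV4(ip: string): boolean {
  return BLOCKED_V4.some(([net, bits]) => inBlock(ip, net, bits));
}

function isBlockedV6(ip: string): boolean {
  const a = ip.toLowerCase().split("%")[0]; // drop any zone id
  // IPv4-mapped forms carry an IPv4 address that must be checked as such.
  const dotted = a.match(/^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/);
  if (dotted) return isBlockedV4(dotted[1]);
  const hex = a.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (hex) {
    const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
    return isBlockedV4(`${hi >> 8}.${hi & 0xff}.${lo >> 8}.${lo & 0xff}`);
  }
  return a === "::" || a === "::1"   // unspecified, loopback
    || /^fe[89ab]/.test(a)            // link-local fe80::/10
    || /^f[cd]/.test(a)               // unique local fc00::/7
    || /^ff/.test(a);                 // multicast
}

export function isBlockedAddress(ip: string): boolean {
  const family = isIP(ip);
  if (family === 4) return isBlockedV4(ip);
  if (family === 6) return isBlockedV6(ip);
  return true; // not an address literal at all: refuse rather than guess
}

// Parse with the WHATWG URL parser first: it canonicalises spellings such as
// http://0x7f.1/ or http://2130706433/ to 127.0.0.1 before we inspect them.
export function parseTarget(url: string): { host: string; port: number } {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") throw new Error("scheme not allowed");
  if (u.username || u.password) throw new Error("credentials in URL not allowed");
  const host = u.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  const port = u.port ? Number(u.port) : u.protocol === "https:" ? 443 : 80;
  return { host, port };
}

// Refuse if ANY returned address is blocked: a rebinding server can answer
// with one public and one private record and hope the client uses the latter.
export function pickPinnedAddress(addrs: string[]): string {
  if (addrs.length === 0) throw new Error("hostname did not resolve");
  for (const a of addrs) if (isBlockedAddress(a)) throw new Error(`blocked address ${a}`);
  return addrs[0];
}

// Resolve once, check, and return the address to connect to. The caller opens
// the socket to `address` while keeping `host` for the Host header and SNI
// (e.g. via the `lookup` option of http.request) so the name is never
// resolved again, and it repeats this check for every redirect it follows.
export async function resolvePinned(url: string, resolve: Resolver = systemResolver) {
  const { host, port } = parseTarget(url);
  const addrs = isIP(host) ? [host] : await resolve(host);
  return { host, port, address: pickPinnedAddress(addrs) };
}
```

Two details matter in practice: the check must run on every hop of a redirect chain, since a public URL can 302 to an internal one, and the HTTP client must be told to use the pinned address rather than resolving the hostname itself.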
Tenant Isolation
- Each tenant operates on an isolated subdomain with separate branding and configuration
- Middleware enforces tenant-session validation on every request
- Database queries are scoped to the authenticated tenant
- Cross-tenant data access is architecturally prevented
- Self-registration is restricted to the root domain; subdomain access requires an admin invitation
Credential Management
- BYOAR (Bring Your Own App Registration) lets you use your own Azure credentials
- Client secrets are stored in Azure Key Vault, not in the application database
- Platform credentials use separate service principals with scoped permissions
- Credential expiry monitoring with automated alerts
- You can revoke BYOAR access at any time by removing the App Registration
Audit and Monitoring
- Comprehensive activity logging for all user actions (invites, role changes, integrations)
- Integration action logs with success/failure tracking and 90-day retention
- Real-time alerts via Azure SignalR for failed actions and security events
- Sentry integration for error monitoring and incident response
- Idempotent webhook processing with Cosmos DB event tracking
Payment Security
All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. Task Ember never stores, processes, or has access to your credit card numbers. Payment verification is exclusively handled through Stripe webhooks with cryptographic signature verification.
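Stripe signs each webhook delivery with an HMAC-SHA256 over `<timestamp>.<raw body>` using the endpoint's signing secret and sends it in the `Stripe-Signature` header as `t=...,v1=...`; Stripe also retries deliveries, which is why the idempotent processing mentioned under Audit and Monitoring matters. The following added example, not Task Ember's code, verifies that signature with a constant-time comparison and a replay window, then deduplicates on the event id. The 300-second tolerance matches Stripe's library default; the in-memory store, the secret and the event body are constructed for the example and stand in for the Cosmos DB event-tracking document.

```typescript
// Added example, not Task Ember's code: Stripe webhook signature verification
// plus idempotent processing keyed on the event id.
import { createHmac, timingSafeEqual } from "node:crypto";

const TOLERANCE_SECONDS = 300; // same default as Stripe's own libraries

export function parseStripeSignature(header: string): { t: number; v1: string[] } {
  let t = NaN;
  const v1: string[] = [];
  for (const part of header.split(",")) {
    const [k, v] = part.trim().split("=", 2);
    if (k === "t") t = Number(v);
    else if (k === "v1" && v) v1.push(v);
  }
  if (!Number.isFinite(t) || v1.length === 0) throw new Error("malformed Stripe-Signature header");
  return { t, v1 };
}

// Signed payload is "<t>.<raw body>"; the body must be the exact bytes Stripe
// sent, not a re-serialised JSON object.
export function signStripePayload(secret: string, t: number, rawBody: string): string {
  return createHmac("sha256", secret).update(`${t}.${rawBody}`).digest("hex");
}

export function verifyStripeWebhook(
  rawBody: string, header: string, secret: string,
  nowSeconds = Math.floor(Date.now() / 1000),
): boolean {
  const { t, v1 } = parseStripeSignature(header);
  if (Math.abs(nowSeconds - t) > TOLERANCE_SECONDS) return false; // replayed or stale
  const expected = Buffer.from(signStripePayload(secret, t, rawBody), "hex");
  // Accept any v1 entry (Stripe sends several during secret rotation), but
  // compare in constant time and only when lengths match.
  return v1.some((sig) => {
    const got = Buffer.from(sig, "hex");
    return got.length === expected.length && timingSafeEqual(got, expected);
  });
}

// insertIfAbsent returns true only for the first caller with a given id. In
// production this is a conditional insert of an event document in Cosmos DB
// (unique id per event); a Set stands in for it here.
export interface EventStore { insertIfAbsent(id: string): boolean }
export class MemoryEventStore implements EventStore {
  private seen = new Set<string>();
  insertIfAbsent(id: string): boolean {
    if (this.seen.has(id)) return false;
    this.seen.add(id);
    return true;
  }
}

export function handleStripeWebhook(
  rawBody: string, header: string, secret: string,
  store: EventStore, handler: (event: { id: string; type: string }) => void,
  nowSeconds?: number,
): "rejected" | "duplicate" | "processed" {
  // Verify before parsing: an unsigned body must never reach JSON.parse.
  if (!verifyStripeWebhook(rawBody, header, secret, nowSeconds)) return "rejected";
  const event = JSON.parse(rawBody) as { id: string; type: string };
  if (!store.insertIfAbsent(event.id)) return "duplicate";
  handler(event);
  return "processed";
}
```

Respond 2xx to duplicates so Stripe stops retrying, and in a persistent store record a processing state alongside the id so that an event whose handler crashed after the insert can be retried rather than being marked done.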
PowerShell Execution Security
Remote PowerShell scripts run through Task Ember are delivered directly to VMs with the Azure Custom Script Extension. Script parameters are validated and escaped before they are placed in the command line, so a parameter value cannot break out into PowerShell code. Script output is captured in Azure Table Storage and truncated at 30KB for standard output and 10KB for errors, and execution is capped at 4 hours.
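The escaping rule for PowerShell is narrow but easy to get subtly wrong: inside a single-quoted string the only special character is the quote itself, escaped by doubling it, but PowerShell also treats the Unicode quotation marks U+2018 through U+201B as single quotes, so they must be rejected or escaped too. The following is an added example, not Task Ember's code, of validating parameter names, quoting values and enforcing the output limits from the text; the script path, parameter names and the `& 'script' -Name 'value'` invocation form are the example's own assumptions.

```typescript
// Added example, not Task Ember's code: building a PowerShell invocation with
// validated parameter names and single-quoted values, plus output caps.
const OUTPUT_LIMIT_BYTES = 30 * 1024; // figures from the page
const ERROR_LIMIT_BYTES = 10 * 1024;

// Single-quoted PowerShell literal. Doubling ' is the only escape needed, but
// PowerShell also accepts U+2018..U+201B as quote characters, so a value
// containing them is refused rather than risk an unescaped terminator.
export function quotePs(value: string): string {
  if (/[\u2018-\u201b]/.test(value)) throw new Error("Unicode quotation marks not allowed");
  if (/[\u0000-\u0008\u000b-\u001f]/.test(value)) throw new Error("control characters not allowed");
  return `'${value.replace(/'/g, "''")}'`;
}

// Parameter names never come from user input unescaped: they must look like
// PowerShell identifiers, which rules out "-Name; Stop-Computer" style tricks.
const PARAM_NAME = /^[A-Za-z_][A-Za-z0-9_]{0,63}$/;

export function buildInvocation(scriptPath: string, params: Record<string, string>): string {
  if (!/^[A-Za-z]:\\[^'"\u0000-\u001f]+\.ps1$/.test(scriptPath)) throw new Error("bad script path");
  const args = Object.entries(params).map(([name, value]) => {
    if (!PARAM_NAME.test(name)) throw new Error(`bad parameter name: ${name}`);
    return `-${name} ${quotePs(value)}`;
  });
  return ["&", quotePs(scriptPath), ...args].join(" ");
}

// Cap captured output at a byte limit without leaving a torn UTF-8 sequence.
export function capOutput(text: string, limitBytes: number): { text: string; truncated: boolean } {
  const buf = Buffer.from(text, "utf8");
  if (buf.length <= limitBytes) return { text, truncated: false };
  const cut = buf.subarray(0, limitBytes).toString("utf8").replace(/\uFFFD+$/, "");
  return { text: cut, truncated: true };
}

export function capScriptResult(stdout: string, stderr: string) {
  return { stdout: capOutput(stdout, OUTPUT_LIMIT_BYTES), stderr: capOutput(stderr, ERROR_LIMIT_BYTES) };
}
```

With this quoting, a value such as `x'; Stop-Computer -Force; '` reaches the script as a plain string argument; the only way it could run as code is if the script itself later passed it to Invoke-Expression, which the script author controls.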
Webhook Security
Each webhook endpoint is provisioned with a unique API key managed through Azure API Management, and callers authenticate by sending that key in the APIM subscription key header (Ocp-Apim-Subscription-Key by default). Webhook payloads are validated and sanitised before processing. File attachments are stored in isolated blob storage paths per webhook.
Responsible Disclosure
If you discover a security vulnerability in Task Ember, please report it to security@taskember.com. We take all reports seriously and will respond within 48 hours. Please do not publicly disclose vulnerabilities until we have had an opportunity to address them.