Security

Security at Roko

Built to keep your projects, tasks, and collaborators protected.

Roko is a small, focused product, so our security posture is intentionally practical: reduce sensitive surface area, encrypt data in transit, limit operational access, and respond quickly to reports.

Responsible disclosure

Email security@rokohub.com with clear reproduction details.

Please do not access, modify, delete, or disclose data that does not belong to you. We appreciate good-faith reports and will prioritize issues that could affect user privacy, authentication, authorization, or data integrity.

Authentication

Roko uses passwordless sign-in and federated providers so there is no reusable Roko password to store, leak, or reset.

Data protection

Client-server traffic is encrypted in transit, and production infrastructure is configured to keep project data isolated to authorized collaborators.

Operational access

Administrative access is kept narrow, used only for operating the service, supporting users, and investigating reliability or abuse issues.

Monitoring

We monitor production errors and suspicious behavior so we can respond quickly when something looks wrong.

Your part matters too.

Security is shared between the product and the people using it.

  • Keep your email, Apple, or Google account protected with multi-factor authentication.

  • Review collaborator access before sharing sensitive project information.

  • Tell us quickly if you believe your account, device, or project data may be compromised.

For privacy details, subprocessors, and retention information, read the Privacy Policy.