Data security & privacy
We protect your data with encryption, role-based access controls, and privacy settings to prevent unauthorized access and data breaches.
Data encryption & storage
All communication between our servers and task trackers uses encrypted connections. We store only the data that matches your board filters—everything else is excluded.
All authentication tokens and API keys are encrypted on our servers and never stored in plain text.
hi.ducalis.io cannot access your backlog unless you share it with us. You control exactly how and when you share data.
Board privacy controls
Ducalis restricts all Boards to invited teammates by default. Board Owners and Admins can share Boards with others using a link.
We back up our servers regularly to protect against data loss.
Role-based access
Access levels vary based on user roles, responsibilities, and data sensitivity. Ducalis provides Admin, Member and Viewer roles, plus Workspace-level permissions for enterprise accounts.
Read more about user roles.
Board privacy settings
Board privacy determines who can view, evaluate, or modify a Board. You can configure Boards as public or private.
Read more:
Signup & domain claiming
Control who joins your Organization with two signup options:
- Domain registration — Users can register with your domain name. Add security by claiming a domain to keep teammates in the right Workspace.
- Invitation only — Users can join only when invited.
Read about signup modes.
Account & data deletion
Under GDPR, any user can delete their account. All data—including Issues, task tracker connections, emails, votes, names, and comments—is permanently deleted.
Payment security
We don't store credit card information (except billing email and name) on our servers. All payments are processed through our partner Stripe.
GDPR compliance
Ducalis adheres to Europe's General Data Protection Regulation (GDPR). We've implemented technical and organizational security measures to protect customer personal data and help you meet your GDPR requirements.