Your Data Is Secure With TaskRay

We understand that data security and privacy are often at the top of the list when considering technologies for your business.
Because TaskRay is 100% Salesforce native, it uses the same security and sharing controls you already know and trust within Salesforce. This makes TaskRay the secure solution for all of your company’s customer onboarding project management needs.

TaskRay is SOC 2® Compliant

This certification demonstrates TaskRay’s commitment to operating software, business processes, policies, and procedures that ensure the security and data processing integrity of customer information.
  • SOC 2® is a globally recognized compliance standard developed by the American Institute of CPAs (AICPA). To achieve compliance, TaskRay underwent an independent auditing process to ensure that its customer data was managed based on five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
  • A SOC 2® certification provides an additional level of security that is critical to meeting customer expectations, especially larger enterprise organizations and those in heavily regulated industries that work with sensitive data, such as the healthcare and energy sectors.

TaskRay data security & privacy practices

TaskRay is installed and run entirely within your existing Salesforce instance, making TaskRay data subject to the same security, reliability, and control as any other Salesforce data.
  • You maintain complete control over your data. TaskRay cannot access or view any data your company has created or stored in the app.
  • Salesforce continually updates and upgrades the security of their data centers and the platform. Because TaskRay is a top tier Salesforce partner, we are made aware of any changes Salesforce is making before they are released—enabling us to ensure that TaskRay is always in compliance (read the Salesforce Security Guide).
  • As a native application, TaskRay conforms with the same privacy and compliance standards as Salesforce (read the Salesforce Compliance Standards).
  • To be listed on the AppExchange, TaskRay passed the initial Salesforce security review and is required to be re-certified on an annual basis.
Benefits of a Native App Like TaskRay
  • Saves time and money — With TaskRay, there’s no need for a separate and potentially time-consuming security review. Once you’ve cleared Salesforce, you are good to go with TaskRay.
  • Eliminates complexity — TaskRay is configured using the same controls as Salesforce, so your team doesn’t have to learn a new system to securely manage your TaskRay users and data.
  • Automatic coverage — Your data backup, location, and encryption; physical server access; disaster recovery; and SLA’s are covered under your existing Salesforce agreement. In other words, whatever Salesforce does to protect your data applies in the exact same way to TaskRay.
  • Provides peace of mind  Your company can rest assured that TaskRay is developed and maintained to meet all of Salesforce’s security and privacy standards.
  • Bottom line— If  you trust Salesforce, you can trust 100% Salesforce-native TaskRay.

TaskRay Shared Responsibility Model

As an enterprise application that is installed and run entirely within your existing Salesforce instance, TaskRay follows a shared data security and privacy model that is subject to the same security, reliability, and control as all other Salesforce data.

Customer

Responsible for Security & Privacy in the Application

Installation & Configuration of TaskRay on Salesforce
Set Up Access Permissions for TaskRay Data (Internal & External Users)
 

Responsible for adhering to Salesforce Security & Privacy Standards

Application Development
Lifecycle Management
Customer Support

Responsible for Security & Privacy on the Platform

TaskRay Data Storage
TaskRay Service Delivery

TaskRay Data Encryption & Data Integrity
Server-Side Encryption
(file system / data storage)
Networking Traffic Protection (encryption, integrity & identity)

Operating System, Network & Firewall Configuration

Hardware
Data Centers
Disaster Recovery

Platform, Applications, Identity & Access Management
TaskRay is developed and maintained to meet all of Salesforce’s information and data security standards. (The Salesforce security team conducts rigorous reviews of all native products, including TaskRay, before publicly listing them on AppExchange.)

TaskRay customers are responsible for installation and configuration of TaskRay in their Salesforce instance and for setting visibility and access rights, including:

  1. Installation of the TaskRay managed package into Production and Sandbox instances of Salesforce.
  2. Configuration of the TaskRay Service within Salesforce
  3. Salesforce & TaskRay API Integration
  4. Configuration of (optional) Slack integration
  5. Configuration of Any Additional Connections
  6. Configuration of Users in Salesforce

Configuration of TaskRay Service within Salesforce

As a native Salesforce application TaskRay can take advantage of Salesforce customizations and automations. Our practice is to package common automations to give our customers a general solution or a starting point for a more customized solution. For more information, please visit our support site.

TaskRay leverages several optional features that can be configured by the customer’s internal Salesforce Admin team:

Invocable Apex Actions: TaskRay provides several invocable apex actions that can be called from Process Builders and Flows. For example, you can utilize an action to create deep clones of a project template to ensure it is scheduled correctly based upon the template and dates derived from the object triggering the clone (commonly the Opportunity Close data in Salesforce).

Process Builder: TaskRay suggests leveraging process builders as a declarative tool to clone projects as well as to perform simple data updates in custom scenarios. Customers are required to configure these process builders using best practices provided by TaskRay.

Flow: TaskRay may suggest that customers leverage flows as a declarative tool to clone more complex project templates or for scenarios requiring a project to be “Stitched” together from a variety of templates. Flows may also be prescribed for customers to perform more advanced automations for custom scenarios. Customers are required to configure these flows using best practices provided by TaskRay.

Apex: TaskRay-provided global Apex methods are called directly from Apex code written in customer orgs. This is only suggested in the most complex scenarios and it is the customer’s responsibility to develop this apex code as well as test cases to ensure the code will be performant and successful.

Public Sites: TaskRay provides an optional feature called “External Sharing” which utilizes Salesforce public site technology to allow customers to provide a direct link to a live “Plan View”. This feature allows you to provide a link to projects opted into “External Sharing” to your customers, allowing for a real time view of their projects. This optional feature leverages public sites and will provide public access to a subset of your TaskRay data.

Communities: TaskRay supports Salesforce Communities to allow your customers to log directly into a TaskRay Salesforce organization and participate fully in TaskRay projects. TaskRay Community setup mimics the Salesforce Community setup with some additional steps required for exposing TaskRay components to the Community. Customers are required to configure these communities using best practices provided by TaskRay.

Custom Fields and Objects: TaskRay supports the creation and linking of custom fields and objects to TaskRay Objects to support custom scenarios. Customers are required to configure these fields and objects using best practices provided by TaskRay.

Validation Rules: TaskRay supports the creation of custom Salesforce validation rules. These validation rules are created to support custom business logics. Customers are required to configure these validation rules using best practices provided by TaskRay.

Salesforce & TaskRay API Integration

TaskRay’s native app architecture allows customers to expose TaskRay information via Salesforce APIs. This allows customers to utilize existing Salesforce API connections, middleware, data backup, and data visualization tools with TaskRay data.

Configuration of (optional) Slack Integration

TaskRay has an optional feature which allows customers to connect TaskRay to their Slack workspace. This customization can expose TaskRay data to any user within your Slack workspace and allows customers to create tasks and display progress on TaskRay projects directly within Slack. Customers are required to configure this integration using best practices provided by TaskRay. 

Configuration of Any Additional Connections

Customers are required to ensure any other connections to their Salesforce org which may be utilizing TaskRay data are appropriately configured. To ensure your TaskRay implementation is optimized for your specific use case, we provide documentation as well as guidance to your Salesforce administration team.

Configuration of Users in Salesforce 

TaskRay user account management mirrors Salesforce user account management. In order to use TaskRay, a user must be configured in Salesforce and have the license and permissions specified above configured for that user. TaskRay data visibility is driven by two factors:

  1. Configuration of visibility of TaskRay data for internal and external Salesforce users (leveraging Salesforce configuration).
  2. TaskRay licenses must be assigned to individual users. (This does not apply in a Site License Scenario.) Salesforce Object Level Create, Read, Edit, Delete, and Field Level Security must be configured like any other custom or standard object in Salesforce. (We recommend utilizing either the TaskRay Standard or TaskRay Read-Only permission sets.)

If you require additional information, please send us an email or schedule a call.

TaskRay is developed and maintained to meet all of Salesforce’s information and data security standards. (The Salesforce security team conducts rigorous reviews of all native products, including TaskRay, before publicly listing them on AppExchange.)

Salesforce Security Reviews & Compliance

TaskRay participates in periodic security re-reviews of the TaskRay application with the Salesforce security team. If any issues are found, Salesforce requires that they are addressed within 90 days to maintain a public listing on the Appexchange.

As a top Salesforce partner, TaskRay is made aware of any changes Salesforce is making before they are released—enabling us to ensure that TaskRay is always in compliance.

Application Lifecycle Management

Major Release Process (~3 times per year) 

Upon development completion: TaskRay runs a final Salesforce security scan on the new release using tooling provided by the Salesforce security team.

6 weeks prior to Production upgrades: Email communication to TaskRay Admins containing release notes and release schedule.

3 weeks prior to Production upgrades (Wednesday or Thursday): Email communication to TaskRay Admins reminding them that Sandboxes will be upgraded on Saturday.

3 weeks prior to Production upgrades (Saturday): Push upgrade to all customer Sandboxes so customers can test the upgraded version with their customizations. At this time, it is also possible to opt into the upgraded version in your production org with a direct install link or an upgrade performed through the AppExchange.

3 weeks prior to Production upgrades (Saturday): Email communication to TaskRay Admins alerting them that the Sandbox upgrade was completed.

Week of Production upgrades (Wednesday or Thursday): Email communication to TaskRay Admins reminding them that Production will be upgraded on Saturday.

Week of Production upgrades (Saturday): Push upgrade to all customers. Email communication to TaskRay admins alerting them that the Production upgrade was completed.

Minor Release Process (Bug Fixes) 

  1. Identify and deem issue critical for immediate patch.
  2. Analyze risk of pushing bug fix, determine any risk mitigation factors, and apply to bug fix planning.
  3. Perform development work to address issue.
  4. Create a new minor package version based on the last major release.
  5. Update minor package version release notes on support.taskray.com “What’s New” section.
  6. Push new minor package version to customers.

Customer Support

  • We consistently receive 5-star reviews on the AppExchange calling out our documentation.
  • Our extensive online documentation will help your Salesforce Administrator become a TaskRay Administrator.
  • Customers have the ability to log unlimited support tickets.
  • TaskRay provides email support for most issues.
  • For complex support issues, we will set up a Zoom meeting.
  • As with Salesforce, authorized users may grant TaskRay login access in order for our team to troubleshoot issues.

If you require additional information, please send us an email or schedule a call.

Salesforce is responsible for: platform applications, identity and access management; hardware, data center and disaster recovery; operating system, network and firewall configuration; server-side data encryption, data integrity and networking traffic protection; as well as TaskRay data encryption and data integrity authentication, data storage and service delivery. In other words, everything Salesforce does to protect your data on their platform applies in the exact same way to your data in TaskRay.

Please refer to Saleforce’s Security site for details.
© 2025 TaskRay – All rights reserved.
Privacy Policy Legal