{"id":611,"date":"2026-07-03T22:00:28","date_gmt":"2026-07-03T22:00:28","guid":{"rendered":"https:\/\/fruitask.com\/blog\/fortifying-your-workspace-a-deep-dive-into-fruitasks-security-features-and-best-practices\/"},"modified":"2026-07-03T22:00:28","modified_gmt":"2026-07-03T22:00:28","slug":"fortifying-your-workspace-a-deep-dive-into-fruitasks-security-features-and-best-practices","status":"publish","type":"post","link":"https:\/\/fruitask.com\/blog\/fortifying-your-workspace-a-deep-dive-into-fruitasks-security-features-and-best-practices\/","title":{"rendered":"Fortifying Your Workspace: A Deep Dive into Fruitask&#8217;s Security Features and Best Practices"},"content":{"rendered":"<h2>Fruitask Security<\/h2>\n<p><strong>How Fruitask protects your account and data \u2014 sign-on options, two-factor authentication, session control, API keys, audit logging, permissions, and data protection.<\/strong><\/p>\n<h2>Overview<\/h2>\n<p>Security in Fruitask spans how you sign in, how sessions and access are controlled, and how your data is protected and governed. It\u2019s designed so individuals and teams can keep accounts safe and meet organizational and compliance needs.<\/p>\n<h2>Account sign-in<\/h2>\n<ul>\n<li><strong>Email + password<\/strong> with email verification.<\/li>\n<li><strong>Single sign-on options:<\/strong> Google and GitHub.<\/li>\n<li><strong>Enterprise SSO<\/strong> support for organizations that centralize identity.<\/li>\n<li><strong>Password reset<\/strong> via secure, time-limited links.<\/li>\n<\/ul>\n<h2>Two-factor authentication (2FA)<\/h2>\n<ul>\n<li>Add <strong>two-factor authentication<\/strong> for an extra layer at sign-in.<\/li>\n<li><strong>Backup codes<\/strong> are provided for recovery if you lose your second factor.<\/li>\n<li>Sensitive security values (2FA secrets, backup codes) are never exposed back to the client.<\/li>\n<\/ul>\n<h2>Sessions &#038; devices<\/h2>\n<ul>\n<li>Active sign-ins are tracked as <strong>device sessions<\/strong>, including device type (desktop\/mobile\/tablet) and the IP address used.<\/li>\n<li>Sessions <strong>expire automatically<\/strong> and can be reviewed; signing out ends a session.<\/li>\n<\/ul>\n<h2>API keys (for developers)<\/h2>\n<ul>\n<li>Generate <strong>API keys<\/strong> to access Fruitask programmatically.<\/li>\n<li>Each key has <strong>scoped permissions<\/strong> (read, write, delete, admin) and an optional <strong>expiry<\/strong>.<\/li>\n<li>Keys track <strong>last used<\/strong> so you can spot stale or unused keys and revoke them.<\/li>\n<\/ul>\n<h2>Permissions &#038; access control<\/h2>\n<ul>\n<li>Workspace access is <strong>role-based<\/strong>: Viewer, Editor, or a <strong>Custom<\/strong> set of granular permissions.<\/li>\n<li>Permissions cover data (rows\/columns), members, comments, chat, automations, plugins, launching public pages, and AI actions \u2014 and can be <strong>scoped per table<\/strong>.<\/li>\n<li>The <strong>most restrictive<\/strong> rule wins when workspace and table permissions overlap, preventing accidental over-exposure.<\/li>\n<\/ul>\n<h2>Auditing &#038; monitoring<\/h2>\n<ul>\n<li>An <strong>audit log<\/strong> records key actions with the user, action, IP address, device\/user agent, and whether it succeeded or failed \u2014 useful for investigating account activity.<\/li>\n<\/ul>\n<h2>Data protection<\/h2>\n<ul>\n<li>Sensitive credentials you store (such as your <strong>AI API keys<\/strong> and <strong>external storage provider secrets<\/strong>) are <strong>encrypted<\/strong> and never returned to the browser.<\/li>\n<li><strong>Public vs. private files:<\/strong> private files are access-controlled with temporary, expiring links.<\/li>\n<li><strong>Bring your own storage<\/strong> lets organizations keep files in infrastructure they control (e.g., for data-residency needs).<\/li>\n<\/ul>\n<h2>Privacy &#038; compliance<\/h2>\n<p>Fruitask provides standard legal and compliance resources, including <strong>Privacy Policy<\/strong>, <strong>Terms of Service<\/strong>, <strong>Cookie Policy<\/strong>, <strong>GDPR<\/strong> information, a <strong>Data Processing Agreement<\/strong>, a <strong>subprocessor list<\/strong>, and <strong>data deletion\/export<\/strong> options.<\/p>\n<h2>Where to find it<\/h2>\n<ul>\n<li><strong>2FA, sessions, sign-in methods, password<\/strong>: Account \u2192 Security.<\/li>\n<li><strong>API keys<\/strong>: developer\/API settings.<\/li>\n<li><strong>Permissions &#038; roles<\/strong>: workspace member\/collaborator settings.<\/li>\n<li><strong>Legal\/compliance<\/strong>: the policy pages in the footer (Privacy, Terms, GDPR, DPA, etc.).<\/li>\n<\/ul>\n<h2>Requirements &#038; access<\/h2>\n<p>Some controls (enterprise SSO, audit visibility, advanced data governance) are aimed at higher plans and organization admins. API access requires generating a key with the appropriate scope.<\/p>\n<h2>Limits &#038; notes<\/h2>\n<ul>\n<li>Revoking an API key or ending a session takes effect immediately for new requests.<\/li>\n<li>Turning on 2FA strongly improves account security \u2014 store your backup codes somewhere safe.<\/li>\n<\/ul>\n<h2>Tips<\/h2>\n<ul>\n<li>Enable <strong>2FA<\/strong> on every admin\/owner account.<\/li>\n<li>Give integrations <strong>scoped, expiring API keys<\/strong> rather than broad, permanent ones.<\/li>\n<li>Use <strong>Custom roles<\/strong> and <strong>per-table permissions<\/strong> to follow least-privilege access.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Fruitask Security How Fruitask protects your account and data \u2014 sign-on options, two-factor authentication, session control, API keys, audit logging, permissions, and data protection.&hellip;<\/p>\n","protected":false},"author":1,"featured_media":610,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-611","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fruitask"],"_links":{"self":[{"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/posts\/611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/comments?post=611"}],"version-history":[{"count":0,"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/posts\/611\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/media\/610"}],"wp:attachment":[{"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/media?parent=611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/categories?post=611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fruitask.com\/blog\/wp-json\/wp\/v2\/tags?post=611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}