TaskRay

TaskRay Trust Center

The TaskRay Trust Center details the platform's comprehensive security and compliance measures—including SOC 2 compliance, role-based access control, encryption, endpoint security, and legal agreements—and clarifies that despite using React in its front-end, TaskRay is not affected by the critical React Server Components vulnerabilities (CVE-2025-55182) due to not employing React server-side features.

Overview

TaskRay makes onboarding customers fast and efficient with built-in best practices around handoffs from sales to customer onboarding to customer success. The platform provides powerful insights into onboarding performance and templates to help guide your onboarding projects.

Compliance

  • SOC 2 compliance

Documents

  • Network Diagram
  • SOC 2 Report
  • Cyber Insurance

Product Security

  • Role-Based Access Control

Reports

  • Network Diagram
  • Security Prospectus
  • SOC 2 Report

Data Security

  • Access Monitoring
  • Data Erasure
  • Encryption-at-rest

App Security

  • Code Analysis
  • Software Development Lifecycle

Legal

  • Cyber Insurance
  • Data Processing Agreement
  • Master Services Agreement

Access Control

  • Data Access
  • Logging
  • Password Security

Endpoint Security

  • Disk Encryption
  • Endpoint Detection & Response
  • Mobile Device Management

Corporate Security

  • Email Protection
  • Employee Training
  • HR Security

Trust Center Updates

TaskRay Not Impacted by React Server Vulnerabilities

General
December 17, 2025

The security team at TaskRay became aware of reports concerning critical vulnerabilities disclosed in React Server Components (RSC), including a remote code execution issue tracked as CVE-2025-55182.

Reputable threat intelligence and vendor sources have documented this vulnerability and provided guidance on its impact and mitigation:

TaskRay is not impacted by this vulnerability. While TaskRay uses React as part of its front-end technology stack, it does not use React Server Components or React server-side functionality. The disclosed vulnerabilities affect server-side components and runtimes, not client-side React usage. Since TaskRay’s implementation does not include these server components, the confidentiality, integrity, and availability of its systems remain unharmed.

TaskRay Not Impacted by MOVEit Vulnerabilities

Incidents
June 22, 2023

The security team at TaskRay became aware of news surrounding a high impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: MOVEit customers urged to patch third critical vulnerability.

TaskRay is not impacted by this vulnerability. TaskRay does not leverage this technology/software within its product and therefore the confidentiality, integrity, and availability of its systems remain unharmed.

If you think you may have discovered a vulnerability, please send a note to security@taskray.com.