Policies

Please read me, it's important.

menu

Security Practices

Remember The Milk takes the security and safety of your data very seriously. Your data is stored securely and backed up in data centers in multiple geographic locations, and we follow best practices in building and maintaining Remember The Milk.

Tips to keep your account secure

  • Choose a strong password, and always use a unique password for each website that you use. Check out these tips from Google on selecting a secure password.
  • Always check that you're at rememberthemilk.com before you enter your login information.
  • Don't share your password with anyone. Remember The Milk employees will never ask you to provide your password.
  • Make sure your computer and operating system is up-to-date with the most recent patches, upgrades, and anti-virus software.
  • If you're using a public computer, such as at a library or school, make sure you always sign out of Remember The Milk when you're finished (there's a 'Sign out' link in the top right of the site).

Employee access

Remember The Milk employees do not access the content of any task lists unless you specifically request us to do so (for example, if you're having technical difficulties accessing your account), or if legally required to do so. More details on privacy are available in our privacy policy.

Communications

All data (website, web app and mobile apps) is transferred over HTTPS. We use Strict Transport Security to ensure that your browser always uses HTTPS. Feel free to review our SSL report. Remember The Milk passwords are always encrypted when sent over the Internet (using HTTPS).

Credit card safety

When you sign up for a Pro account on Remember The Milk, we do not store your credit card information on our servers. All payment processing is handled by Stripe and PayPal, or Apple in the case of In-App Purchases.

Third-party applications

Third-party applications are those built by external developers that interact with your Remember The Milk account. You should select third-party applications with care. Legitimate applications will never ask for your username and password, but rather direct you to our website where you can authorize access to your account. To review the applications you've authorized, go to the web app, click on the cog icon in the top right, select 'Account settings', then click on 'Apps'. You can revoke access at your discretion by clicking the 'Revoke access' button next to the application.

Reporting possible vulnerabilities

We welcome reports from security researchers about possible security vulnerabilities with our service. If you believe you've discovered a vulnerability in Remember The Milk, please email us at security [at] rememberthemilk.com with information and detailed instructions on how to reproduce the issue. We ask that you give us reasonable time to respond to the issue before making any information about it public; we will investigate all reports and do our best to quickly fix the problem.