TickTick Reviews

Stay away! No clear data/privacy policy, no company details, no reply to emails.

about TickTick · · Helpful Not helpful 9 Helpful Report as spam

In Short...

TickTick's website and app should raise many suspicions. So should the fact they're extremely unclear about how/where they store user data or what laws apply to them. Their domain name registration seems to have been done by a single individual from China with a gmail account and they don't answer support emails.

How is customer data handled? TickTick doesn't say.

Firstly, keep in mind that information you put in to-do lists will probably reveal a lot about your habits, the names of people you know and meet, your location, maybe sensitive health details or something about your family. With a hosted to-do list service all this information sits somewhere on a server you don't control.

For this reason, you'll want to be clear at least where your information is stored (which country / which legal jurisdiction). Or, if you're not even interested in that, you probably will concede that such information should be easy to find. You could (and, I would say, should) be interested in how your data is handled in the case that a law enforcement agency asks for it, or if you close your account. How long after cancellation does it hang around on their servers? How long are backups stored? Is your name, email address, credit card information retained even after you cancel and your data is wiped?

So TickTick should make all make that abundantly clear on their site. They don't. Neither their privacy policy nor their terms of service describe anything about them, not even where they are based.

That's a problem, because it means that TickTick aren't even telling you which legal jurisdiction they are based.

Domain registration details & data privacy

Another suspicious, or at least unprofessional-looking thing with TickTick is their website domain name registration. The more internet savvy amongst you will know that it's possible to look up, e.g. via WhoIs, who registered a particular domain. Now, in most cases, the details you will find will belong to a company, not an individual and you certainly don't expect to find a personal gmail address. You'd expect to find that stuff with an amateur blogger perhaps. One that hasn't bothered to protect the details of his private life from public view (which is a standard service offered by literally every domain name registrar I've ever dealt with). Try WhoIs with "Facebook.com"; you won't find Mark Zuckerberg's details and "zucky@gmail.com" as the registrant's details. (Note to idiots: I just made that up - it's not his address and I don't know his address.)

But with TickTick we get this:

Ticktick.com was registered by a Damon Woo of Xihu Street, Hangzhou, Zhejiang Province, 310007, China.
His email address is damonwoo@gmail.com. (You can also find his phone number... and a whole bunch of other details.)

None of this is an inherent problem for customers data. But it does raise the question over, e.g. legal jurisdiction and where customers' data is stored. I would bet the majority of TickTick's (potential) customers - at least those reading this - wouldn't have a clue about Chinese data or privacy laws. TickTick certainly doesn't clarify them or if they even apply. The WhoIs details also include DNS server details, which actually belong to AWS (Amazon Web Services), suggesting that the data might be stored on Amazon's servers. But under US, UK or another jurisdiction? Again, not clear. Can Damon Woo be legally compelled in China to give authorities there customers' data? We don't know.

The app interface looks like a complete knock-off

What raises suspicions even more, is that TickTick's Android app interface is almost completely identical to that of ToDoIst. To be honest, it looks like a knock-off. I'd even believe that the same company are behind both products, if it wasn't for the fact that TickTick are so different in what they say about how their service is provided.

No answers to support emails/emails about privacy and data

With all this lack of claritiy, I emailed TickTick and received no answer in over 6 weeks (and counting). I should say in advance that I have received detailed replies to similar questions from Nozbe and ToDoIst, so this is not unreasonable at all. My questions to TickTick were:

  1. Privacy & Security
  • Is customer data stored encrypted or not on TickTick servers?
  • If encrypted, does the encryption happen client-side or server side?
  • Is data transfered between the user's computer and TickTick servers using TLS?
  • How are user passwords protected? Are they salted and hashed?
  • Do TickTick employees have access to my data? If so, who and under which circumstances?
  • Does TickTick support second-factor authentication, and if so how can I switch this on?
  • If I delete my account, how long before my the data completely removed from TickTick servers, including backup copies?
  • Under which county's legal jurisdiction is my data stored?
  • If Hong Kong, can the government force you to give up user data?
  • If I upgrade to the PRO account and make a payment, do you handle my credit card data?
  1. Features
  • What explains the extra-ordinary similarity in the look and feel of Tick Tick to that of ToDoIst?
  • Will TickTick develop a client/app for Linux? If not, why?
  • Do you have something like a Trello board where upcoming developments are listed?
  1. Other questions
  • Why does TickTick's website not make the privacy and security points above explicitly clear?
  • ToDoIst, Nozbe, Wunderlist and Remember The Milk list their employees on their website. Why doesn't Tick Tick?

edited: 2018-05-16


Other than that TickTick say they use Amazon AWS, very few of my other points are addressed under either of the links above. Company address? Who has access? Who has legal jurisdiction over my data? Who handles my credit card data? How long before my data is deleted if I close an account? It's unacceptable not to inform people about these absolutely fundamental aspects of how their private data is handled. And nothing at all under either of the links above dispels concerns over what appears as a plagiarised interface or the fact that the company is registered in China and doesn't reveal it.

Wouldn't trust them as far as I could throw them.

about TickTick and Whois.net, Todoist · · Helpful Not helpful 5 Helpful Report as spam

TickTick have the same functionality and even appearance as ToDoIst, which smells of a knock-off to me. Their website is registered in mainland China by an individual with a Gmail account and no WhoIs protection (doesn't feel very professional, does it?). They have no information on their site about who they are, how/where they store user data, how it is erased when you close your account, or what legal jurisdiction it falls under. They also don't answer fundamental questions about privacy and security sent to their customer support email address.

Other than all that... yeah... great.

See my review (under the Review tab above) for more details.


Start Using This...

about TickTick and Cloudship · · Helpful Not helpful Report as spam

Previously using Cloudship but it has a really bad connection for one or two months. I tried many To-Do list and found this one is easy-to-use, has a clean interface and it is similar but also a little more powerful than Cloudship.


TickTick is awesome!