We believe productivity tools should be simple, fast, and secure
TodoMate was built during Hackathon II with one goal: create a todo app that actually respects your time and your data.
What TodoMate solves
Most todo apps start simple and grow into monsters — buried under tags, sub-tasks, integrations, and notifications you never asked for. The tool itself becomes a source of stress.
TodoMate takes the opposite approach. Five operations, done well: add, list, update, delete, and complete. Nothing more. Every pixel on screen serves those five goals.
We also refuse to compromise on security. Your session is protected by JWT tokens, your password is never stored in plaintext, and your tasks are completely isolated from every other user on the platform.
Our three pillars
Simplicity
Every feature earns its place. We ruthlessly cut anything that doesn't help you get tasks done. The result is an interface that feels obvious from day one.
Security
Your tasks are private by design. JWT tokens, hashed passwords, and strict per-user data isolation mean your information is always protected.
Speed
Built on Next.js App Router + FastAPI + Neon serverless PostgreSQL. Pages load fast, API calls respond in under 500ms, and UI updates are instant.
Why security matters in a todo app
A todo list is a window into your life — your projects, your goals, your commitments. Treating that data carelessly would be a betrayal of trust.
Every API request to TodoMate requires a valid JWT token signed with a shared secret. Tokens expire after 7 days. Passwords are hashed using bcrypt before they ever touch the database. No plaintext, no reversible encoding.
And crucially: you can only ever see your own tasks. Even if another user guesses the ID of one of your todos, the server will reject their request with a 403. Per-user isolation is enforced at the database query level, not just the API layer.
Built with care during Hackathon II
TodoMate is a full-stack web application built as part of Hackathon II, Phase 2. The stack: Next.js App Router, FastAPI, PostgreSQL on Neon, and Better Auth. Designed and developed from scratch in a single sprint.