Security
We take security very seriously at Double and hold ourselves to strict standards when it comes to keeping you and your clients' data secure.
See below for a high level overview of how Double handles data security within the application. Additionally, please review our Trust Center for a detailed breakdown.
If you have any questions or concerns about our practices, please email us immediately at ben.stein@doublehq.com.
Security standards
Double is SOC 2 Type II certified. For more information and the accreditation report, contact a sales representative or customer success manager.
Data storage and transmission
All data in Double is fully encrypted at rest and in transit.
At rest
All data on Double's servers is encrypted at rest with AES-256, block-level storage encryption (bank-grade encryption)
This includes documents and attachments uploaded to Double
In transit
We employ TLS to ensure all passwords, documents, and financial information stay securely within Double
Passwords & authentication
Double utilizes Google's Firebase for user auth management.
Firebase is certified under major privacy and security standards, including ISO 27001, SOC 1, SOC 2, and SOC 3.
For more information on Firebase's security standards, please see this link.
Double supports two factor authentication for both accountants and clients.
Privacy
We do not sell any user data or client financial information.
Backups
Double's servers are continuously backed up to minimize risk of data loss.
AI Usage
Double uses AI to power features like Ask Double, AI Flux Analysis, AI Transactions, and more.
When you use these features, Double sends relevant information to the model providers (Anthropic, OpenAI, and Google).
Double does not train models on any client data, and per the commercial terms governing our API use, all the model providers we work with are prohibited from training on Double's AI usage.
For more information on our AI Usage, see here: How we use AI in Double.
