Doughsense

How We Protect Your Data

What we do to protect you, what we'll never do with your data, and how you stay in control.

You enter your data manually, so there are no bank credentials stored in our systems. You decide exactly what information enters Doughsense, and you stay in full control of it.

Your financial information is never shared with or sold to third parties. Doughsense is funded by subscriptions, not your data.

All data in transit is encrypted using TLS, the same protocol used by banks and financial institutions. Data at rest is encrypted using AES-256, the strongest widely adopted encryption standard. Your financial information is protected whether it's being transmitted or stored.

Our application is hosted on Render (SOC 2 Type 2 certified) within the European Union, with Cloudflare providing edge security, DDoS protection, and a web application firewall. Your data is stored and processed in EU data centres.

Our systems are continuously monitored with automated alerts for unusual activity. Your data is backed up daily with point-in-time recovery, so your financial data is always safe.

Every update goes through automated security testing and code review before it reaches you. We continuously monitor for vulnerabilities and apply patches promptly.

The AI assistant processes commands server-side via AWS Bedrock within the EU. Your data is processed securely on AWS. It is never sent to an external AI provider or used outside our infrastructure. Commands are checked and restricted to approved actions within a defined scope.

Your financial data is not used to train AI models. AWS Bedrock guarantees that inputs and outputs are not used for model training or shared with model providers.

We never store your password in plain text. Even we can't read it. Multi-factor authentication (MFA) is available for password-based accounts, adding a second layer of protection at sign-in.

Sign in with Google or Apple for a passwordless experience with their built-in security protections. Sessions are managed with short-lived tokens and automatic expiry.

Internal access to production systems is restricted to authorised personnel and follows the principle of least privilege. Access is reviewed regularly and limited to what each role requires.

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor, the highest level of certification in the payments industry.

Doughsense never sees or stores your card details. Card numbers, CVVs, and billing information go directly to Stripe and never touch our servers.

You can request a copy of all your data in a portable format. You can also request complete deletion of your account and all associated data. Deletion requests are processed within 30 days, ensuring complete removal from all systems including backups.

Doughsense is registered with the UK Information Commissioner's Office (ICO registration ZB948761) and complies with UK data protection law.

You can help keep your account safe too:

  • Enable MFA if you haven't already.
  • Use a strong, unique password that you don't reuse on other sites.
  • Keep your recovery details safe: your email address for password resets, and your MFA recovery codes if you've enabled multi-factor authentication.

Get in touch and we'll be happy to help, or get started and see for yourself.

Start 14-Day Free Trial Contact Us

14-day free trial. No credit card required.

Found a security issue? Report it responsibly at [email protected].