Skip to main content

How We Protect Your Data

What we do to protect you, what we'll never do with your data, and how you stay in control.

Your financial data stays under your control. You can enter data manually or connect your bank accounts via open banking. When you connect a bank account, Doughsense accesses account data in read-only mode. Your bank credentials are handled entirely by your bank and never touch our systems.

Your financial information is never shared with or sold to third parties. Doughsense is funded by subscriptions, not your data.

All data in transit is encrypted with TLS. Data at rest is encrypted with AES-256. These are the same standards used across the financial industry.

Our application is hosted on AWS within the European Union, with Cloudflare providing edge security. Systems are continuously monitored and your data is backed up daily with point-in-time recovery.

Every update goes through automated security testing and code review. We monitor for vulnerabilities and apply patches promptly.

Doughsense AI processes commands server-side via AWS Bedrock. Dictation uses Amazon Transcribe to convert speech to text in real time, with no audio stored after processing. Your data is never used to train AI models or shared with model providers.

We never store your password in plain text. Even we can't read it. Multi-factor authentication (MFA) is available for password-based accounts, adding a second layer of protection at sign-in.

Sign in with Google or Apple for a passwordless experience with their built-in security protections. Sessions are managed with short-lived tokens and automatic expiry.

All payment processing is handled by Stripe. Doughsense never sees or stores your card details. Card numbers, CVVs, and billing information go directly to Stripe and never touch our servers.

Doughsense Ltd (FRN 1054183) is registered with the Financial Conduct Authority as an agent of Finexer Ltd (FRN 925695), which is authorised under the Payment Services Regulations 2017 as an Authorised Payment Institution.

  • Read-only access: We can only view account balances and transaction history. We cannot move money or initiate payments.
  • Bank credentials stay with your bank: Authentication is handled directly by your bank. Doughsense never sees your login details.
  • 90-day consent cycle: Open banking consents require re-authorisation every 90 days, giving you regular control over access.
  • Data minimisation: We store only the data fields needed to provide the Service. Raw API responses are not retained.
  • Revoke at any time: You can disconnect any bank connection instantly from within the app, which revokes consent and stops all data retrieval.

You can request a copy of all your data or complete deletion of your account. Deletion requests are processed within 30 days. Doughsense complies with UK data protection law.

You can help keep your account safe too:

  • Enable MFA if you haven't already.
  • Use a strong, unique password that you don't reuse on other sites.
  • Keep your recovery details safe, including your MFA recovery codes.

Get in touch and we'll be happy to help, or get started and see for yourself.

Start 14-Day Free Trial Contact Us

14-day free trial. No credit card required.

Found a security issue? Report it responsibly at security@doughsense.com.