Your data is safe with us
We take security seriously. DoughOps uses bank-level encryption and industry best practices to protect your business data.
Encryption Everywhere
- In Transit: All data encrypted with TLS 1.3
- At Rest: AES-256 encryption for stored data
- Passwords: bcrypt hashing with 12 rounds
- Backups: Encrypted and stored securely
Secure Infrastructure
- Hosted on AWS: Industry-leading cloud security
- SOC 2 Compliant: Infrastructure meets strict standards
- Regular Backups: Automated daily backups with 30-day retention
- Redundancy: Multi-zone deployment for reliability
Access Controls
- Role-Based Access: Control who sees what
- Session Management: Automatic timeout and secure logout
- Audit Logging: Track all account activity
- Team Permissions: Granular control for team members
Application Security
- Input Validation: All inputs sanitized and validated
- SQL Injection Protection: Parameterized queries via Prisma ORM
- XSS Prevention: Content Security Policy and output encoding
- Rate Limiting: Protection against brute force attacks
Data Privacy
- Your Data is Yours: We never sell your information
- Data Isolation: Each tenant's data is completely separate
- Export Anytime: Download your data whenever you need
- Deletion on Request: We remove your data when asked
Compliance
- GDPR Ready: Data Processing Agreement available
- CCPA Compliant: California privacy rights supported
- PCI DSS: Payments handled by Stripe (PCI Level 1)
- Data Residency: US-based servers with international compliance
Our Security Practices
Regular Security Reviews
We conduct regular security assessments and code reviews to identify and address potential vulnerabilities before they become issues.
Dependency Monitoring
We actively monitor and update third-party dependencies to ensure we're protected against known vulnerabilities.
Incident Response Plan
We have documented procedures for detecting, responding to, and recovering from security incidents.
Employee Training
All team members receive security awareness training and follow strict data handling procedures.
Protecting Your Account
Security is a partnership. Here's what you can do to keep your account safe:
Use a Strong Password
Choose a unique password at least 12 characters long with a mix of letters, numbers, and symbols.
Don't Share Credentials
Each team member should have their own account. Never share login information.
Review Team Access
Regularly review who has access to your account and remove people who no longer need it.
Watch for Phishing
We'll never ask for your password via email. Report suspicious emails to security@doughops.com.
Found a Security Issue?
We appreciate the security research community's efforts to make DoughOps more secure. If you've found a vulnerability, please report it responsibly.
How to Report
- Email us at security@doughops.com
- Include details about the vulnerability and steps to reproduce
- Give us reasonable time to address the issue before public disclosure
- We commit to acknowledging reports within 48 hours
We do not currently offer a bug bounty program, but we deeply appreciate responsible disclosure and will acknowledge researchers who help us improve.
Questions about security?
Our team is happy to answer any security-related questions you have.