Security

How we protect your data

Data encryption

DoubleLoop uses the industry-standard SHA-256 RSA encryption for all data in transit as well as at rest. In addition, all sensitive customer data, such as passwords, is encrypted and salted at an individual level. All data centers are ISO 27001 and SOC 2 compliant.

Infrastructure security

DoubleLoop aggressively updates all of our systems. Security patches for all system dependencies are applied within 24 hours of release, usually within 1 hour. All third-party vendors in use at DoubleLoop are vetted for at least the same level of security that we apply ourselves, most being SOC 2 compliant. All mission-critical providers are SOC 2 compliant.

Data retention

To construct a comprehensive timeline of your product iterations, DoubleLoop provides the option to install our GitHub app. The GitHub integration requires code commit metadata. To receive commit-level metadata, DoubleLoop needs your permission to access the "contents" of the GitHub repositories that you choose to connect. While this permission includes read-only access to your code, we will never store your code. We do not need your source code to deliver the service we provide. Unfortunately, GitHub does not provide a permission level that gives us commit-level metadata without access to source code.

Company practices

Data security is a top priority for DoubleLoop. We apply a number of security practices internally to ensure access to your data is restricted, such as rotating all of our encryption keys regularly, reducing access to those keys to the minimum number of people, and holding regular security training.