Legal
Security
Last updated: January 1, 2026
Our Commitment to Security
At donefy, security is foundational — not an afterthought. We design every layer of our platform with the understanding that your business data is sensitive and valuable. We continuously review and improve our security practices to protect your information.
Data Encryption
All data transmitted between your browser and donefy is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption. Backups are also encrypted and stored in geographically distributed locations to ensure resilience.
Access Controls
donefy enforces role-based access control (RBAC) across all accounts. Administrators can define granular permissions for each team member. We support multi-factor authentication (MFA) and recommend enabling it for all users with administrative privileges.
Infrastructure
Our platform is hosted on SOC 2 Type II certified cloud infrastructure. We maintain strict network segmentation, regular vulnerability scans, and automated intrusion detection. Our infrastructure is monitored 24/7 with automated alerting for anomalous activity.
Tenant Data Isolation
Every donefy account operates in a fully isolated data environment. Your business data is never commingled with another customer's data at the application or database level. Strict tenant isolation is enforced at every layer of our stack.
Vulnerability Disclosure
If you discover a security vulnerability, please report it to security@donefy.com. We take all reports seriously and will respond within 48 hours. We ask that you give us reasonable time to resolve the issue before any public disclosure.
Contact
For security-related inquiries, reach out to our security team at security@donefy.com.