Trust
How we handle your data.
Compliance docs, security posture, and the third parties we work with. If your team needs something specific for procurement that isn’t covered here, email [email protected].
Documents
Data Processing Agreement
GDPR-aligned DPA covering how Doable processes personal data on your behalf. Pre-signed by us; counter-sign and return by email if your team requires it. Includes our subprocessor list.
Privacy Policy
What data we collect, why we collect it, and how long we keep it.
Terms of Service
The contract that governs your use of Doable.
Security
Encrypted at rest
Environment variables are encrypted with AES-256-GCM. API tokens are stored as SHA-256 hashes, never in plaintext.
Open-source agent
Our self-hosted agent is open source. It makes outbound-only connections, opens no inbound port, and can be audited by anyone.
Container isolation
Every project runs in its own Docker container with capability drops, no privileged mode, and no host filesystem access.
Source-bundle integrity
Every deployed source bundle is hashed (SHA-256) and verified before build. A tampered upload fails the deploy.
Found a security issue?
Please report it to [email protected]. We’ll acknowledge within one business day.