At dub, we understand that when you entrust us with your personal and financial information, you expect the highest standards of security and privacy. Safeguarding your data is not just a priority—it's fundamental to our operations as a registered broker-dealer.
Our Security Measures
Two-Factor Authentication (2FA)
We implement a robust security layer through two-factor authentication:
- A one-time password (OTP) is sent to your registered phone number
- 2FA is required for both sign-up and every sign-in
- This additional verification step helps prevent unauthorized access to your account
Multi-Level Encryption
Your data is protected through multiple layers of encryption:
- All information is stored using bank-level encryption standards at rest
- Modern TLS standards are employed for the transmission of data
- Sensitive information (such as account passwords and Social Security numbers) undergoes an additional layer of encryption before storage
NIST Cybersecurity Framework
We adhere to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which includes:
- Continuous monitoring of potential security risks
- Implementation of safeguards on critical services
- Activities to identify and respond to intrusion attempts
- Measures to maintain resilience against cyber threats
Regulatory Compliance and Data Retention
As a registered broker-dealer with the Securities and Exchange Commission (SEC), dub operates within strict regulatory guidelines:
- We are required to maintain books and records for a period of six years to comply with regulatory requirements
- These requirements help ensure transparency and accountability in all our operations
- Our practices align with relevant data protection laws and financial regulations
How We Use Your Data
We want to be clear about how we handle your personal information:
- We do not sell your data to third parties
- Your information is used solely to service your account and provide you with our investment platform
- We do not use your data for marketing purposes beyond our own services
Data Deletion Requests: While we respect your privacy rights, as a regulated financial institution, we are legally required to retain certain records for the regulatory period of 6 years after account closure, during which time your information remains encrypted and protected.
Third-Party Integrations
dub only verifies your banking log-in credentials once. dub uses Plaid, Inc., a trusted third-party integration, to access information about your bank account.
Our Commitment to You
We are committed to:
- Continuous improvement of our security systems
- Transparent communication about how we handle your data
- Prompt response to any security concerns you might have
Need Help?
If you have any questions or need assistance during the account opening process, please contact us at support@dubapp.com.