Enterprise-Grade Protection for Your Digital Twin

At The Double, your security is the foundation of our partnership. We have engineered our platform to ensure that your data remains private, your voice clone remains secure, and your business intelligence stays entirely under your control.

The "No-Training" Guarantee

Isolated Knowledge Environments

Your doubles operate in isolated virtual environments, ensuring no data "leaks" between users or teams.

Isolated Knowledge Environments

Your doubles operate in isolated virtual environments, ensuring no data "leaks" between users or teams.

Zero Base-Model Training

We follow a strict No-Training Policy, meaning your files, URLs, and conversation logs are never used to train public LLMs or Cardtree's core models.

Data Sovereignty

You retain 100% ownership of the knowledge you upload, and you have the "Right to Erasure" to delete your data permanently at any time.

Data Sovereignty

You retain 100% ownership of the knowledge you upload, and you have the "Right to Erasure" to delete your data permanently at any time.

Technical Infrastructure

Encryption at Rest & In Transit

All data is secured using industry-standard AES-256 bit encryption at rest and protected by TLS 1.3 while in transit.

Hardened API Security

Our integrations with platforms like Salesforce and HubSpot use secure, token-based authentication to maintain the integrity of your CRM data.

VPC Isolation

The Double infrastructure is hosted within a Private Virtual Cloud, keeping your data segregated from public internet traffic.

Compliance & Governance

SOC 2 Type II - In progress

We are committed to the SOC 2 framework, ensuring our platform meets the highest standards for Security, Availability, and Confidentiality.

SOC 2 Type II - In progress

We are committed to the SOC 2 framework, ensuring our platform meets the highest standards for Security, Availability, and Confidentiality.

GDPR & CCPA Compliant

Our data handling processes are fully aligned with major privacy regulations, providing users with transparent controls over their Personal Identifiable Information (PII).

GDPR & CCPA Compliant

Our data handling processes are fully aligned with major privacy regulations, providing users with transparent controls over their Personal Identifiable Information (PII).

Audit-Ready Logging

Every action taken by your double is logged and traceable, providing a clear audit trail for security reviews.

Audit-Ready Logging

Every action taken by your double is logged and traceable, providing a clear audit trail for security reviews.

You might have some questions!

Is my data used to train AI models?

No. We have a strict policy that prevents your proprietary data, uploaded documents, or conversation logs from being used to train any base LLMs or global models. Your knowledge remains exclusive to your account.

How secure is my voice cloning data?

Voice data is treated with the highest level of sensitivity. Your recordings and voice profiles are encrypted and stored in an isolated environment. We do not share your voice prints with third parties.

Who can access my conversation logs?

Only authorized members of your organization with the appropriate permissions can access the Chat dashboard to scroll through logs. Cardtree employees do not access your logs unless specifically requested for support purposes under a verified business need.

What happens if I delete a double or my account?

When you request deletion, we initiate a "Right to Erasure" process. Your data, including uploaded PDFs, scraped URLs, and voice profiles, is permanently removed from our active production systems.

Does Cardtree comply with international data laws?

Yes. We are designed to be GDPR and CCPA compliant. We provide tools for data access and deletion, and we use secure encryption for all cross-border data transfers.