Your trust matters more to us than your data, so we built DoubleSign to need very little of it.
DoubleSign has no passwords. You sign in with Google, and Google handles the sign-in. That means there is no password for you to remember, no password for us to store, and no password for anyone to steal from us. We only ever see your name and email from your Google account. This is the single biggest reason DoubleSign is safer than a typical login site: the most commonly stolen thing on the internet, the password, simply does not exist here.
When you buy the expanded $1.99 report, your payment is handled entirely by Stripe, a payment processor certified at PCI-DSS Level 1, the highest level in the payments industry. You enter your card on Stripe's secure systems, not ours. DoubleSign never receives, sees, or stores your full card number or security code. We get back only a simple confirmation that the payment went through. Your charge appears on your statement as DOUBLESIGN, billed by Double Sign LLC.
The site runs on Google Cloud and Firebase, the same infrastructure that powers many of the services you already use. Your account details and the readings you save are stored there, protected by Google's data center security and encrypted in transit by default. We rely on this proven infrastructure rather than rolling our own.
We practice data minimization, which is a plain idea: do not collect what you do not need. We do not ask for your phone number, your address, or a password. We take your name and email from Google so you can sign in and reopen your reports, the inputs you give us for a reading, and a confirmation from Stripe if you make a purchase. That is close to all of it. The less we hold, the less there is to ever go wrong.
The logic behind your compatibility readings stays on our secure servers, not in your browser. When you run a reading, your request goes to a protected server function that returns the result. This keeps the work that makes DoubleSign valuable in a place we control, and it keeps the paid report behind a proper server-side gate rather than something a browser could reveal.
The safest account is a well-protected Google account. Because DoubleSign relies on Google to sign you in, turning on two-step verification for your Google account is the best single thing you can do to keep your DoubleSign access secure.
If you have a security or privacy question, or you want us to delete your data, see our Privacy Policy or email us at doublesign28@gmail.com. We are happy to help.
Operated by Double Sign LLC.