Your security, our commitment

At Daneel, safeguarding your financial data is more than a pledge—it’s our everyday mandate. 

To protect your financial data, we integrate security into every aspect of our business, pursue third-party certifications that are meaningful for our customers, and conduct independent penetration tests.

Security Compliance at Daneel

We are currently pursuing SOC 2 Type 2 certification. Our live readiness status and engagement letters are available via our Trust Center https://trust.daneel.cpa and we expect to be able to provide our certificate in Q3 2025

Reporting Vulnerabilities in Security or Privacy

We encourage responsible disclosure. If you believe you’ve found a security or privacy vulnerability in any Daneel service, please report it to us.

How to report:

• Email security@daneel.cpa with a detailed description, proof-of-concept, and your contact details.
• Do not publicly disclose the issue until we confirm mitigation.

Our commitment:

• We’ll acknowledge your report within 3 business days, provide a status update within 5 business days, and aim to remediate within 30 days, depending on complexity.
• We will keep your personal data confidential and credit you (if you wish) once the issue is resolved. We currently do not offer a monetary reward for vulnerability disclosures.
• Acting in good-faith, non-destructive testing that respects user privacy and avoids service degradation is authorized under this policy; Daneel will not pursue legal action for such research.

Scope

• All publicly reachable Daneel domains, APIs, and mobile/desktop applications.

Out-of-scope activities

• Third-party websites or services that we link to.
• Issues related to software or protocols not under our control.
• Social-engineering, physical intrusion, spam or DDoS testing.
• Automated scans that generate excessive traffic.

Thank you for helping us keep our customers safe.