Trust

Security at Dola

Security is built into the platform, not bolted on. Here's how we protect your business and your clients.

Last updated June 23, 2026

Authentication

Two-factor authentication is mandatory for every role — owners, admins, and walkers. Sensitive admin actions (price changes, adding admins) can require step-up re-authentication.

Least-privilege access

Permissions are role-based and location-scoped: location admins and walkers only ever see and act on data for their own location. Every price, schedule, and role change is recorded in an immutable audit log.

Payments & PCI

Card data is handled entirely by Stripe via hosted payment elements, so cardholder data never touches Dola's servers — keeping your PCI scope to a minimum. Payment webhooks are the source of truth, so a booking is only confirmed once payment actually clears.

Data protection

  • Encryption in transit (TLS) for all traffic.
  • Database-level safeguards — including a constraint that makes double-booking impossible.
  • Row-level security as defense-in-depth behind application authorization checks.
  • Secrets kept in a managed vault, never in source.

Monitoring & resilience

Structured logging, error tracking, and alerting on payment failures and downtime help us catch issues early. Our infrastructure runs on managed, reputable cloud providers.

Reporting a vulnerability

Found something? We appreciate responsible disclosure — email security@dola.dog and we'll respond promptly.