Security

Security is foundational to how we build and operate Stunt Double. We take a privacy-first approach, minimise the data we collect and retain, and align our controls and policies with recognised industry frameworks.

Because our AI agents act on your behalf, we treat the confidentiality and integrity of your data as a top priority across everything we do.

We protect customer data in transit and at rest using industry-standard encryption. We collect and retain only the data needed to provide our services, and we never sell or rent your personal information.

Full details of how we handle personal data are set out in our Privacy Policy.

Stunt Double is built on established, industry-leading cloud infrastructure. Our subprocessors maintain SOC 2 Type II certification, and we assess their security posture as part of our supplier due diligence.

The subprocessors we rely on are listed in our Privacy Policy.

For customers whose products are only reachable inside their own network, our AI actors can run on a self-hosted worker deployed within that network, rather than on our hosted browser infrastructure. This keeps internal applications from ever being exposed to the public internet.

The worker establishes an outbound-only connection to Stunt Double, so there is no need to open inbound firewall ports or expose any internal service. Each connection is authenticated with a short-lived, per-run token and scoped to a single automation run, and the worker runs under your control inside your own environment.

Our security programme is aligned with the SOC 2 Trust Services Criteria, and we have already implemented the substantial majority of the controls required for certification. We are actively preparing for a SOC 2 Type II examination.

We comply with applicable information security and data protection legislation, and we can provide further assurance to customers on request.

In the event of a security incident affecting customer data, we will notify affected customers promptly, take appropriate steps to contain and remediate the incident, and keep customers informed of progress and any preventative measures taken.

We welcome reports from security researchers and the wider community. If you believe you have found a security vulnerability in Stunt Double, please report it to us privately at security@stuntdouble.io and give us a reasonable opportunity to investigate and remediate before any public disclosure.

For security-related enquiries, including vulnerability reports and questions about our compliance posture, contact us at security@stuntdouble.io. For general enquiries, you can reach us at hello@stuntdouble.io.