Security FAQs
Our Security Promise
Data security is a core element of our business and is our top priority. Hubdoc’s security policy takes an extensive, layered approach to security, integrating industry-leading security measures into our procedures, applications and infrastructure.

Hubdoc is built with multiple layers of security to protect your personal information. These include:

  1. Login Security. Your login password is secured using a one-way hash.
  2. Encryption. We use Transport Layer Security (TLS) technology to encrypt your personal information using the highest encryption algorithm available -- the same algorithm utilized by the top U.S. financial institutions.
  3. Third-Party Verification. We use industry leaders McAfee to perform daily scans on our site for vulnerabilities and TRUSTe to certify our privacy practices. For more information on these services, see McAfee's Secure Site and TRUSTe's service.
  4. Data Centre Security. Our data centres are monitored by closed circuit television systems and protected by onsite security teams around the clock. All access is controlled by a military-grade passcard system. Our data centres comply with national, international and industry standards relating to security.
  5. "Read-Only" Data Separation. Hubdoc pulls all of your bills and statements from your accounts to help you get organized but we do not have the ability to make account changes of any kind. This means that no one, including you, can use your Hubdoc account to access your money or make changes to any of your household accounts.
Increasing Your Financial Security Online
In addition to Hubdoc's security measures, the following practices will help you protect your Hubdoc account.

  1. Keep up to date with security software. Ensure your browser and anti-virus software are current with the most recent updates.
  2. Disable automatic login or autofilled passwords in your browser. This way, if your computer is ever lost or stolen, the thief will not be able to automatically log in to your Hubdoc account and access your documents.
  3. Use a strong password. Consider password best practices, such as:
    • Don't use personally identifiable information in your password (name, username, birthday, names of family members)
    • Don't use the password you use for Hubdoc for other sites, such as your email or social networking accounts.
    • Change your password periodically
    • Use a combination of letters (capital and lowercase), numbers, and symbols.
    • Don't use whole dictionary words.
    • Use the "phrase" trick to create stronger passwords. Consider a phrase you will easily remember, and use the first letter of each word. "The answer my friend is blowing in the wind" would translate to a password of "Tamfibitw"
    • Avoid short passwords -- passwords should be at least eight characters and ideally longer.
    • Don't share your login or password with anyone.
  4. Remain vigilant against phishing. Phishing is the act of attempting to acquire personal information such as usernames, passwords, or credit card numbers via fraudulent web sites or emails. The following are best practices to avoid phishing attacks:
    • Most importantly, remember that Hubdoc will never ask you to submit your password or any other account information via either an email or unsecured website.
    • Look out for common characteristics of a fraudulent phishing email:
      • An unsolicited email attachment (do not open it, it will contain a virus)
      • A "from" or "reply-to" email address that is not "". However, do not solely rely on an "" address as a mark of safety -- many phishing emails mask their true email addresses and make the emails appear as though they are coming from a legitimate source when they are not.
      • A request for urgent account action
  5. Always log off after you are finished using Hubdoc. Be especially careful when using a computer that does not belong to you, such as one in a library or Internet café.
For More Information
For more information, call us at (800) 577-2842 or email us at