Security Policy

When it comes to keeping your data and information secure, we never rest. We’ve built bank-grade security measures into the system to make sure you can use Dashly with confidence.


Data Security

Secure data transmission: When you load a page in your browser, or upload something to Wave, all that information is encrypted while it’s moving over the internet. We lock up your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping. We also support a wide variety of cyphers — another kind of code — for our communications, to ensure the highest level of encryption possible, based on your browser.

Secure data storage: Your accounting data is stored on servers that have strict physical access protocols, meaning there are rules in place limiting access to only the people who need it to do their jobs. The facilities are controlled with 24/7 monitoring, and the technology is digitally protected.

Security Testing: Wave uses many layers of security testing. We test our systems internally, but that’s not enough in our opinion. We also regularly bring in third-party security firms such as Netitude and TrustArc to perform vulnerability assessments and penetration tests against our systems.

Transparency: We’re not asking you to just take our word for it that we keep your data secure. We want you to understand exactly how it’s done. That’s why we’ve written, a very clear and understandable Privacy Policy.


Mobile Security

Passwords are encrypted when they’re collected, when they’re sent to our servers, and we never store them without encrypting them first. In fact, all communications between our apps and our servers are encrypted using Transport Layer Security (TLS) — the replacement for Secure Sockets Layer (SSL) — the highest level of security protocols available. Beyond that, we don't store any sensitive information, such as account numbers, on the device ever.


Fraud Prevention

We’ve built an internal risk system that uses a wide variety of tools and insights to protect you and your customers from fraud. We’ve integrated several third-party security and anti-fraud service providers to create a layered approach to risk detection, for the highest level of protection. And our team of risk analysts monitor high risk and out-of-pattern behaviour to keep our platform safe.

We’ve got your back when it comes to chargebacks. Our team is trained to coach you in best business practises to make sure you’re collecting the right information up front to protect your business from chargebacks. In the event that you do receive a chargeback (it happens!) our experts have the experience necessary to build your best case.


GDPR

As a company, Dashly complies with the General Data Protection Regulation (GDPR). We take customer data privacy seriously, ensuring that:

  • Personal data is properly collected, stored, and documented.

  • Any usage of personal data is communicated with the proper consent.

  • All new vendors, assets and activities pertaining to processing personal data are subject to a review of privacy, security and compliance.

  • Relevant processes are followed for transfers of personal data outside the European Union.


Account Verification

Dashly uses Auth0.com to safeguard our users accounts, with default email verification at account creation time and during password resets. Auth0 has been built on tested, verified identity standards, including LDAP, SAML, OAuth, OpenID, OpenID Connect, and JSON Web Tokens (JWTs) - all of the common and most popular identity standards. Auth0 participates in standards organisations like the OpenID Foundation making it easy for Dashly to leverage these powerful standards to shield our own applications and APIs.


Do you have additional questions about the security of Dashly? If so, please don’t hesitate to contact us. We’d be happy to tell you more about the many steps we take to ensure the security of your sensitive information.