Security Policy

Secure data transmission: When you load a page in your browser or upload something to Dashly, all that information is encrypted while it’s moving over the internet. We lock up your data with up to 256-bit TLS encryption, the same strength of protection you get with online banking. We also support a wide variety of ciphers—another kind of code—for our communications, to ensure the highest level of encryption possible based on your browser.

Secure data storage: Your account data is stored on servers that have strict physical access protocols, meaning there are rules in place limiting access to only the people who need it to do their jobs. The facilities are controlled with 24/7 monitoring, and the technology is digitally protected. All of your data is housed within the Google data centre in London, UK. Data is encrypted at rest using AES-256 symmetric keys, with the encryption keys themselves encrypted by a key stored in a KMS and regularly rotated. This applies to SQL databases, shared/network storage, as well as VM disks.

Security Testing: Dashly uses many layers of security testing. We test our systems internally, but that’s not enough in our opinion. We also regularly bring in third-party security firms, such as Netitude, to perform vulnerability assessments and penetration tests against our systems.

Transparency: We’re not asking you to just take our word that we keep your data secure. We want you to understand exactly how it’s done. That’s why we’ve written a very clear and understandable Privacy Policy.

Passwords are encrypted when they’re collected, when they’re sent to our servers, and we never store them without encrypting them first. They are salted and hashed with the scrypt algorithm. In fact, all communications between our apps and our servers are encrypted using Transport Layer Security (TLS)—the highest level of security protocols available. Beyond that, we never store any sensitive information, such as account numbers, on the device.

We’ve built an internal risk system that uses a wide variety of tools and insights to protect you from fraud. We’ve integrated several third-party security and anti-fraud service providers to create a layered approach to risk detection, for the highest level of protection. And our Compliance and Information Security team regularly monitors high-risk and out-of-pattern behaviour to keep our platform safe.

As a company, Dashly complies with the UK GDPR and the Data Protection Act 2018 (DPA 2018). We take customer data privacy seriously, ensuring that:

• Personal data is properly collected, stored, and documented.

• Any usage of personal data is based on a valid legal basis, such as consent or contractual necessity, and is clearly communicated to you.

• All new suppliers, partners, assets, and activities pertaining to processing personal data are subject to a review of privacy, security, and compliance.

Dashly uses Auth0.com to safeguard our users' accounts, with default email verification at account creation time and during password resets. Auth0 has been built on tested, verified identity standards, including LDAP, SAML, OAuth, OpenID, OpenID Connect, and JSON Web Tokens (JWTs)—all of the common and most popular identity standards. Auth0 participates in standards organizations like the OpenID Foundation, making it easy for Dashly to leverage these powerful standards to shield our own applications and APIs.

If you have additional questions about the security of Dashly, please don’t hesitate to contact us. We’d be happy to tell you more about the many steps we take to ensure the security of your sensitive information. You can also email our Data Protection Officer at dpo@dashly.com with any data protection-specific queries.

Do you have additional questions about the security of Dashly? If so, please don’t hesitate to contact us. We’d be happy to tell you more about the many steps we take to ensure the security of your sensitive information.