We have undertaken a cross-company program to ensure we are compliant and can support our customers with their compliance. This includes a comprehensive organisation-wide audit and gap analysis, and carrying out a detailed action plan of changes we need to implement. This has included process changes, security and product improvements, supplier reviews and ensuring we have compliant contracts in place. We've provided a summary of our activity here.

All customer assets added to a Dash account are hosted in the Amazon Web Services ("AWS") EU (Ireland) region. Backups are stored in the AWS EU (Stockholm) region.

See the Dash Security Overview article for more information about our hosting and security policies.

Our EU data centres ensure that the main hosting of your Dash data remains in the EU.  We use a select number of suppliers to help us provide our support and consultancy services to you and some of these providers are based outside of the EU. For transfers outside of the EU the GDPR requires that appropriate safeguards are in place to protect that data - all of our industry leading suppliers offer the required safeguards so that these transfers are suitably protected.

More details on our carefully selected suppliers and international data transfer can be found on our Sub-Processors and International Data Transfer page.

Data is transferred to our offices in the UK as part of our support and consultancy work. International transfer of data is covered under the relevant GDPR rules. Our Terms and Conditions include the required contracting commitments to ensure such transfer is fully compliant.

Our data centres are provided by Amazon Web Services ("AWS") which is an industry leading supplier of hosting services for organisations across the globe. AWS have extensive security in place along with a robust approach to compliance - more details on AWS's policies can be found here.

We are ISO27001:2013 certified and security of data is a consideration for each aspect of our products and services. Our hosting infrastructure, as well as being protected by AWSs services, includes several layers of protection, including data encryption, backups, regular security patching and strong access controls. Security is a key consideration in our product development and we're also rolling out improvements to security when we transfer your data outside of Asset Bank. 

Our Dash Security Overview article has more information on how we protect your data.

We are committed to ensuring that our customers can be confident in our compliance and provide several resources to support an audit of our security and practices, all inline with GDPR requirements.

For those seeking detailed information about our specific security practices, we can provide on request:

Our aim is for these sources to provide sufficient information for our customers to assess our security and consider if our practices meet their requirements. Where further details are required our support team will be happy to answer specific questions. 

Our Data Processing Agreement makes additional allowances for us to support our customers with any further auditing, as an additional chargeable service.

Our Data Processing Agreement and the Standard Contractual Clauses are both included in our Dash Terms and Conditions.

Yes - We will only ever process your data for the purposes of providing our services to you. Specifically, for the purposes of providing your Dash, along with any support services or consultancy that you may ask us to provide. We will never use your data for any other purposes without your written instructions or permission.

Yes - access to our customers data is carefully controlled. Only those within the company who need access to provide our services to you are able to access Asset Banks. Access to the infrastructure of our cloud hosting services is additionally strictly limited to members of our infrastructure team. We never use client data in our testing or development process.