Security Statement
Security Practices
DueDash works to improve security in the investment industry, starting with protecting you and your clients’ data. At DueDash, we employ the following security best practices:
Data at rest
Documents on the DueDash platform are stored with enterprise-grade security on the AWS platform also used by FICO, NASA, GE, and Dow Jones. Stored documents are protected with AES-256 encryption.
Data in transit
Information sent between DueDash servers and users’ computers is encrypted with TLS 1.2, the successor to the SSL protocol.
Security of login credentials
DueDash requires strong user passwords, which are then salted and hashed with bcrypt. DueDash employees have no capacity to reconstruct the original password.
Backups and logging
DueDash implements audit logging to protect against unexpected database activity. Data is regularly backed up.
SOC 2 Certified
DueDash has many security controls and practices to keep your data safe and secure and engages multiple third-party vendors to assess, audit and attest to its security. One such audit provides DueDash with the SOC 2 certification commonly seen as a standard of security by accounting and other financial organizations.
We take security seriously. If you believe you’ve found a vulnerability, please email us at security@duedash.co.
DueDash Vulnerability Disclosure Policy
Data security is a top priority for DueDash, and DueDash believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in DueDash’s service, please notify us; we will work with you to resolve the issue promptly.
Disclosure Policy
- If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@duedash.co. We will acknowledge your email within five business days.
- Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within five business days of disclosure.
- Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the DueDash service. Please only interact with accounts you own or for which you have explicit permission from the account holder.
Exclusions
While researching, please refrain from:
- Distributed Denial of Service (DDoS)
- Spamming
- Social engineering or phishing of DueDash employees or contractors
- Any attacks against DueDash’s physical property or data centers
Thank you for helping to keep DueDash and our users safe!
Changes
We may revise these guidelines from time to time.
Contact
DueDash is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at support@duedash.co.
Other Information
You are asked to refrain from security research on DueDash or searching for vulnerabilities without first notifying DueDash and getting permission for the actions you intend to take.