Our Security Commitment
At Dashboard AI, security is not an afterthought—it's built into everything we do. We understand that you're trusting us with your business data, and we take that responsibility seriously.
Infrastructure Security
Cloud Infrastructure
Hosted on trusted cloud infrastructure with 99.9% uptime SLA, automatic failover, and geographic redundancy.
Network Security
Enterprise-grade firewalls, DDoS protection, and intrusion detection systems protect our network perimeter 24/7.
Monitoring
Continuous security monitoring, log analysis, and automated alerts detect threats in real time and trigger a response.
Backups
Automated daily backups with point-in-time recovery. Backups are encrypted and stored in geographically separate locations.
Data Protection
Encryption
- In Transit: All data transmitted to and from Dashboard AI is encrypted using TLS 1.3, the current version of the TLS protocol.
- At Rest: All stored data is encrypted using AES-256, the industry-standard symmetric cipher used by governments and financial institutions.
- Database Encryption: Database connections are encrypted with TLS, and sensitive fields are additionally encrypted at the application level, so they remain protected even if the underlying database storage is accessed directly.
Access Controls
- Role-Based Access: Strict role-based access controls ensure employees only access data necessary for their job functions.
- Multi-Factor Authentication: MFA is required for all employee access to production systems.
- Audit Logging: All access to customer data is logged and auditable.
- Least Privilege: Systems are configured with minimal necessary permissions following the principle of least privilege.
Application Security
Secure Development
- Security Reviews: All code changes undergo security review before deployment.
- Dependency Scanning: Automated scanning identifies vulnerabilities in third-party dependencies.
- Static Analysis: Code is analyzed for security issues during development.
- Penetration Testing: Regular third-party penetration tests identify potential vulnerabilities.
Authentication
- Secure Authentication: Powered by Clerk, a SOC 2 compliant authentication provider.
- Password Requirements: Strong password policies enforce minimum complexity requirements.
- Session Management: Secure session handling with automatic timeout and token rotation.
- OAuth Integration: Secure OAuth 2.0 flows for third-party integrations.
Compliance
HIPAA-Informed Security Practices
Dashboard AI follows security practices informed by the HIPAA Security Rule to help protect sensitive data. We do not represent Dashboard AI as HIPAA compliant (HIPAA has no formal certification program), but our security program incorporates the following measures:
- Administrative, physical, and technical safeguards
- Comprehensive audit logging of data access
- Employee training on data privacy requirements
- Incident response procedures for security events
For questions about handling sensitive data, contact us at compliance@dashboard-ai.co
SOC 2 Aligned Practices
Our infrastructure and security controls follow practices aligned with the SOC 2 Trust Services Criteria. We are working toward a formal SOC 2 audit report and currently maintain controls across the following areas:
- Security: Protection against unauthorized access
- Availability: Systems are available for operation and use
- Confidentiality: Confidential information is protected
- Privacy: Personal information is collected and used appropriately
GDPR Compliance
For customers in the European Union, we comply with GDPR requirements including:
- Data Processing Agreements (DPAs) available
- Support for data subject rights (access, deletion, portability)
- Standard Contractual Clauses for international data transfers
- Data minimization and purpose limitation
Incident Response
We maintain a comprehensive incident response plan that includes:
- Detection: Automated systems detect potential security incidents 24/7.
- Response: Security team responds to incidents within defined SLAs.
- Notification: Affected customers are notified within 72 hours of confirmed breaches.
- Remediation: Root cause analysis and remediation for all incidents.
- Post-Incident Review: Lessons learned are incorporated into security improvements.
Vendor Security
We carefully vet all third-party vendors and require them to meet our security standards:
- SOC 2 report or equivalent assurance required for vendors handling customer data
- Data Processing Agreements with all vendors
- Regular vendor security assessments
- Minimal data sharing based on necessity
Employee Security
- Background Checks: All employees undergo background checks.
- Security Training: Regular security awareness training for all employees.
- Access Reviews: Quarterly access reviews ensure appropriate permissions.
- Confidentiality Agreements: All employees sign confidentiality agreements.
Reporting Security Issues
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly:
- Email: security@dashboard-ai.co
- Response Time: We will acknowledge within 24 hours
- Safe Harbor: We will not take legal action against good-faith security researchers
Contact Us
For security questions or to request security documentation, contact us at:
Dashboard AI
15 Benton Drive
East Longmeadow, MA 01028
Security Team: security@dashboard-ai.co
Compliance: compliance@dashboard-ai.co
General: support@dashboard-ai.co