Security at Dashboard AI

Your data security is our top priority. We implement enterprise-grade security measures to protect your information at every level.

Last updated: January 7, 2026

  • SOC 2 Aligned: Security Practices
  • HIPAA Practices: Security Standards
  • AES-256: Encryption at Rest
  • TLS 1.3: Encryption in Transit

Our Security Commitment

At Dashboard AI, security is not an afterthought—it's built into everything we do. We understand that you're trusting us with your business data, and we take that responsibility seriously.

Infrastructure Security

Cloud Infrastructure

Hosted on trusted cloud infrastructure with 99.9% uptime SLA, automatic failover, and geographic redundancy.

Network Security

Enterprise-grade firewalls, DDoS protection, and intrusion detection systems protect our network perimeter 24/7.

Monitoring

Continuous security monitoring, log analysis, and automated alerts detect and respond to threats in real-time.

Backups

Automated daily backups with point-in-time recovery. Backups are encrypted and stored in geographically separate locations.

Data Protection

Encryption

  • In Transit: All data transmitted to and from Dashboard AI is encrypted using TLS 1.3, the latest and most secure protocol available.
  • At Rest: All stored data is encrypted using AES-256, an industry-standard encryption algorithm used by governments and financial institutions.
  • Database Encryption: Database connections use SSL/TLS encryption, and sensitive fields are additionally encrypted at the application level.

Access Controls

  • Role-Based Access: Strict role-based access controls ensure employees only access data necessary for their job functions.
  • Multi-Factor Authentication: MFA is required for all employee access to production systems.
  • Audit Logging: All access to customer data is logged and auditable.
  • Least Privilege: Systems are configured with minimal necessary permissions following the principle of least privilege.

Application Security

Secure Development

  • Security Reviews: All code changes undergo security review before deployment.
  • Dependency Scanning: Automated scanning identifies vulnerabilities in third-party dependencies.
  • Static Analysis: Code is analyzed for security issues during development.
  • Penetration Testing: Regular third-party penetration tests identify potential vulnerabilities.

Authentication

  • Secure Authentication: Powered by Clerk, a SOC 2 compliant authentication provider.
  • Password Requirements: Strong password policies enforce minimum complexity requirements.
  • Session Management: Secure session handling with automatic timeout and token rotation.
  • OAuth Integration: Secure OAuth 2.0 flows for third-party integrations.

Compliance

HIPAA-Informed Security Practices

Dashboard AI follows security practices informed by HIPAA guidelines to help protect sensitive data. While we are not HIPAA certified, our security program incorporates the following measures:

  • Administrative, physical, and technical safeguards
  • Comprehensive audit logging of data access
  • Employee training on data privacy requirements
  • Incident response procedures for security events

For questions about handling sensitive data, contact us at compliance@dashboard-ai.co

SOC 2 Aligned Practices

Our infrastructure and security controls follow practices aligned with SOC 2 Trust Service Criteria. We are working toward formal certification and currently maintain controls across the following areas:

  • Security: Protection against unauthorized access
  • Availability: Systems are available for operation and use
  • Confidentiality: Confidential information is protected
  • Privacy: Personal information is collected and used appropriately

GDPR Compliance

For customers in the European Union, we comply with GDPR requirements including:

  • Data Processing Agreements (DPAs) available
  • Support for data subject rights (access, deletion, portability)
  • Standard Contractual Clauses for international data transfers
  • Data minimization and purpose limitation

Incident Response

We maintain a comprehensive incident response plan that includes:

  • Detection: Automated systems detect potential security incidents 24/7.
  • Response: Security team responds to incidents within defined SLAs.
  • Notification: Affected customers are notified within 72 hours of confirmed breaches.
  • Remediation: Root cause analysis and remediation for all incidents.
  • Post-Incident Review: Lessons learned are incorporated into security improvements.

Vendor Security

We carefully vet all third-party vendors and require them to meet our security standards:

  • SOC 2 certification or equivalent required for vendors handling customer data
  • Data Processing Agreements with all vendors
  • Regular vendor security assessments
  • Minimal data sharing based on necessity

Employee Security

  • Background Checks: All employees undergo background checks.
  • Security Training: Regular security awareness training for all employees.
  • Access Reviews: Quarterly access reviews ensure appropriate permissions.
  • Confidentiality Agreements: All employees sign confidentiality agreements.

Reporting Security Issues

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly:

  • Email: security@dashboard-ai.co
  • Response Time: We will acknowledge within 24 hours
  • Safe Harbor: We will not take legal action against good-faith security researchers

Contact Us

For security questions or to request security documentation, contact us at:

Dashboard AI

15 Benton Drive

East Longmeadow, MA 01028