Security and Privacy

Security and efficiency is of big importance for us. Day by day, we aim at maintaining the highest security standards to let you trade data safely and easily.

Privacy-by-design and by-default

You retain full control over your visibility on the data marketplace: you decide the level of information you share and with whom.

All your personal and activity-related data is encrypted.

We do not sell or distribute any of the data from your profile or your activities on the platform. We use identity information to verify the identity of our members. The data collected are used to create the Dawex account, to use the features of the data marketplace, to allow the communication between members on the platform, to succeed the transaction between data providers and data buyers and to manage the relationship between Dawex and its customers.

General Data Protection Regulation (GDPR)

Dawex is committed to helping its clients understand the rights and obligations under the European General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.

Identity protection

Your account authentication on the platform is handled exclusively via encrypted channels, using highly secure keys and encryption algorithms. We support two-factor authentication, and all sensitive actions require confirmation.

At Dawex, trust between members and companies is a core value. Before accessing the data marketplace, a mandatory and strict trusting process is applied to each account to validate its identity.

Data security

Our activity focuses on data. We use asymmetric encryption protocols to store and transmit data.

Data is replicated in real-time to several locations in the same legal area.

Payment and transaction integrity

Payments are processed through our partner Mangopay, a Payment Service Provider which is compliant with the Payment Card Industry Data Security Standard (PCI-DSS).

Any payment data is directly transmitted from you to their API through a ciphered channel and none is sent to our servers.

Dawex, as a data marketplace, implements the "Know Your Customer" (KYC) validation process, which furthers strengthens the trust of Dawex members.

Contract integrity

During a data transaction, a licensing contract is generated between the buyer and the data provider. We developed a Smart Contract, published in the Ethereum Blockchain, to offer a service that provides guarantees of integrity and authenticity to the licensing contract signers.

More informations

Software security and high-availability

We use the latest stable version for our software and systems, which are hardened and follow a minimal installation policy. Systems and software updates are tested before being applied, and security patches are systematically applied.

Developments come under a systematical peer-review and must be validated by quality and security analysis tools. They respect the technical knowhow standards and follow a continuous integration process.

Software architecture is fully modular and highly available. All systems are redundant and all traffic reaches resilient systems through duplicated network and security appliances.

Physical infrastructures and business continuity

Our platform is designed to work with main market cloud solutions all around the world, and can be easily provided to different cloud operators using infrastructure as code. We choose ISO 27001 infrastructures, which meet all physical, environmental, software security compliance requirements and data protection rules and regulations. Dawex receives and reviews its cloud providers’ SOC1 and SOC2 reports every 6 months under NDA.

To ensure business continuity, systems and data are always replicated on at least two sites. Configurations and code are backed up twice a day, encrypted, and stored in 3 different locations.

Internet security

All IP incoming traffic is DDoS mitigated by our operator. Dawex application and API are only accessible through encrypted protocols. Streams are filtered by reverse proxies and isolated by network Access Control List (ACL).

A Content Delivery Network works to offer the best bandwidth anywhere you come from. All Internet gateways operate in high-availability on two different geographical availability zones.

Team processes and involvement

Security and confidentiality are corporate values at Dawex. Attitudes and procedures related to the data, the platform and the information security are a constant concern for all on-boarded team members. Upon joining, they receive security and confidentiality formation, followed by regular technical training.

Access to the different level of information and IT administration is carefully controlled and audited. Corporate systems, data and sensitive mails are encrypted, and internal communication exclusively use secure channels.

Working tools are audited and accounts must follow strong authentication. Every employee and subcontractor at Dawex has signed a Non-Disclosure Agreement.

Audits and responsible disclosure

Regular security audits are conducted on our platform and its code.

Our security team is committed to concentrate all efforts to verify and solve any discovered potential security vulnerability. We truly encourage responsible reporting of any security issue that you may find on the data marketplace.