Security and Privacy

Of critical importance, day-by-day we aim at maintaining the highest security standards to let you trade data safely and easily

Privacy-by-design and by-default

Dawex Data Exchange technology users retain full control over their visibility: they decide the level of information they share and with whom.

All their personal and activity-related data are encrypted.

When leveraging Dawex Data Exchange technology, personal and non-personal data can be collected when creating an account and allow communications between members of a Data Exchange Platform, to use the features of the technology, to perform the transaction between data providers and data acquirers and to manage the relationship between Dawex and its customers.These data are strictly used to ensure the proper use of the technology and transactions.

Team processes and involvement

Security and confidentiality are an integral part of Dawex corporate values. Attitudes and procedures related to the data, the platform and the information security are a constant concern for all on-boarded team members. Upon joining, they receive security and confidentiality information, followed by regular technical training.

Access to the different levels of information and IT administration is carefully controlled and audited. Corporate systems, data and sensitive mails are encrypted, and internal communication exclusively uses secure channels.

Working tools are audited and accounts must follow strong authentication. Every employee and subcontractor at Dawex has signed a Non-Disclosure Agreement.

Data Protection Regulations

Dawex is committed to helping its customers understand the rights and obligations under the European General Data Protection Regulation (GDPR) as well as other future European regulations such as the Data Governance Act or the Data Act.

Dawex has introduced tools and processes to ensure its compliance with requirements imposed by the GDPR and to help our customers comply as well.

Dawex Data Exchange technology has been designed with the required features to adapt to other personal data regulations, like the California Consumer Privacy Act (CCPA), the Lei Geral de Proteção de Dados (LGPD) in Brazil or the Act on Protection of Personal Information (APPI) in Japan, and enable users to manage their data exchange respectful of the regulations.

The architecture of the solution is also complying by design with the future Data Governance Act (DGA).

Identity protection

The account authentication of Dawex Data Exchange technology end-users is handled exclusively via encrypted channels, using secure algorithms and strong keys. Dawex supports two-factor authentication, and all sensitive actions require confirmation.

At Dawex, trust is paramount. We have implemented a mandatory and strict trusting process to give the Data Exchange technology orchestrators tools to create and manage their own secure and trusted data exchange ecosystem.

Data security

Dawex activity focuses on data. Our technology uses asymmetric encryption protocols to store and transmit data.

Data is replicated in real-time to several locations in the same legal area.

Payment and transaction integrity

Dawex Data Exchange technology supports the integration of most local or international payment gateways to operate online payments. Dawex has chosen the certified payment infrastructure Stripe as its standard Payment Service Provider. Any payment data is directly transmitted from a user to their API through an encrypted channel and none is sent to Dawex servers.

Software security and high-availability

Dawex uses the latest stable version for its software and systems, which are hardened and follow a minimal installation policy. Systems and software updates are tested before being applied, and security patches are systematically applied.

Developments come under a systematical peer-review and must be validated by quality and security analysis tools. They respect the technical knowhow standards and follow a continuous integration process.

Dawex infrastructure is scalable, redundant and highly available.

Physical infrastructures and business continuity

Dawex Data Exchange technology is designed to work with main market cloud solutions all around the world, and can be easily provided to different cloud operators using infrastructure as code. We choose ISO 27001 infrastructures, which meet all physical, environmental, software security compliance requirements and data protection rules and regulations. Dawex receives and reviews its cloud providers’ SOC1 and SOC2 reports every 6 months under NDA.

To ensure business continuity, systems and data are always replicated on at least two sites. Configurations and code are backed up twice a day, encrypted, and stored in 3 different locations.

Internet security

All IP incoming traffic is DDoS mitigated by our operator. Dawex Data Exchange Platforms and API are only accessible through encrypted protocols. Streams are filtered by reverse proxies and isolated by network Access Control List (ACL).

Audits and responsible disclosure

Regular security audits are conducted on our platform and its code.

In December 2020, Dawex completed the SOC 1 Type I compliance demonstrating the design of specified controls that meet the relevant trust principles.

In May 2021, Dawex completed SOC 2 Type I and SOC 3 Security and Availability Audit Certification. This milestone emphasizes Dawex continuing commitment to provide the highest level of security and availability assurance to its clients. Building on our engagement to deliver secure data exchanges, Dawex strives to exceed the highest standards for privacy and security. Security is seeped throughout all Dawex technologies to provide confidentiality, integrity, trust and business continuity. 

In April 2022, Dawex completed SOC 2 Type II Certification confirming our continued engagement in implementing the most stringent security and availability measures that align with worldwide industry standards and best practices, as set by the American Institute of Certified Public Accountants (AICPA). As more and more organizations look at creating data ecosystems, data exchange requires an advanced level of scrutiny, controls and safeguards to protect and secure our infrastructure and the solutions we deliver to our customers. Download here the SOC 3 report delivered on April 15, 2022.

Our security team is committed to concentrate all efforts to verify and solve any discovered potential security vulnerability. We truly encourage responsible disclosure of any security issue that you may find on the data marketplace.