Security and Privacy

Security and efficiency is of big importance for us. Day by day, we aim at maintaining the highest security standards to let you trade data safely and easily

Privacy-by-design and by-default

Dawex Data Exchange technology users retain full control over their visibility: they decide the level of information they share and with whom when using Dawex technology.

All their personal and activity-related data are encrypted.

When leveraging Dawex Data Exchange technology, personal and non-personal data can be collected when creating an account and allow communications between members of a Data Exchange Platform, to use the features of the technology, to perform the transaction between data providers and data acquirers and to manage the relationship between Dawex and its customers.These data are strictly used to ensure the proper use of the technology and transactions.

Team processes and involvement

Security and confidentiality are corporate values at Dawex. Attitudes and procedures related to the data, the platform and the information security are a constant concern for all on-boarded team members. Upon joining, they receive security and confidentiality formation, followed by regular technical training.

Access to the different levels of information and IT administration is carefully controlled and audited. Corporate systems, data and sensitive mails are encrypted, and internal communication exclusively uses secure channels.

Working tools are audited and accounts must follow strong authentication. Every employee and subcontractor at Dawex has signed a Non-Disclosure Agreement.

Data Protection Regulations

Dawex is committed to helping its customers understand the rights and obligations under the European General Data Protection Regulation (GDPR).

Dawex has introduced tools and processes to ensure its compliance with requirements imposed by the GDPR and to help our customers comply as well.

Dawex Data Exchange technology has been designed with the required features to adapt to other personal data regulations, like the California Consumer Privacy Act (CCPA), the Lei Geral de Proteção de Dados (LGPD) in Brazil or the Act on Protection of Personal Information (APPI) in Japan, and enable users to manage their data exchange respectful of those regulations.

Identity protection

The account authentication of Dawex Data Exchange technology end-users is handled exclusively via encrypted channels, using secure algorithms and strong keys. Dawex supports two-factor authentication, and all sensitive actions require confirmation.

At Dawex, trust is paramount. We have implemented a mandatory and strict trusting process to give the Data Exchange technology orchestrators tools to create and manage their own secure and trusted data exchange ecosystem.

Data security

Dawex activity focuses on data. Our technology uses asymmetric encryption protocols to store and transmit data.

Data is replicated in real-time to several locations in the same legal area.

Payment and transaction integrity

Dawex Data Exchange technology supports the integration of most local or international payment gateways to operate online payments. Dawex has chosen the certified payment infrastructure Stripe as its standard Payment Service Provider. Any payment data is directly transmitted from a user to their API through an encrypted channel and none is sent to Dawex servers.

Software security and high-availability

Dawex uses the latest stable version for its software and systems, which are hardened and follow a minimal installation policy. Systems and software updates are tested before being applied, and security patches are systematically applied.

Developments come under a systematical peer-review and must be validated by quality and security analysis tools. They respect the technical knowhow standards and follow a continuous integration process.

Software architecture is fully modular and highly available. All systems are redundant and all traffic reaches resilient systems through duplicated network and security appliances.

Physical infrastructures and business continuity

Dawex Data Exchange technology is designed to work with main market cloud solutions all around the world, and can be easily provided to different cloud operators using infrastructure as code. We choose ISO 27001 infrastructures, which meet all physical, environmental, software security compliance requirements and data protection rules and regulations. Dawex receives and reviews its cloud providers’ SOC1 and SOC2 reports every 6 months under NDA.

To ensure business continuity, systems and data are always replicated on at least two sites. Configurations and code are backed up twice a day, encrypted, and stored in 3 different locations.

Internet security

All IP incoming traffic is DDoS mitigated by our operator. Dawex Data Exchange Platforms and API are only accessible through encrypted protocols. Streams are filtered by reverse proxies and isolated by network Access Control List (ACL).

Audits and responsible disclosure

Regular security audits are conducted on our platform and its code.

Our security team is committed to concentrate all efforts to verify and solve any discovered potential security vulnerability. We truly encourage responsible reporting of any security issue that you may find on the data marketplace.