Security and efficiency is of big importance for us. Day by day, we aim at maintaining the highest security standards to let you trade data safely and easily.
You retain full control over your visibility on the data marketplace: you decide the level of information you share and with whom.
All your personal and activity-related data is encrypted.
We do not sell or distribute any of the data from your profile or your activities on the platform. We only use identity information to verify the identity of our members.
Your account authentication on the platform is handled exclusively via encrypted channels, using highly secure keys and encryption algorithms. We support two-factor authentication, and all sensitive actions require confirmation.
At Dawex, trust between members and companies is a core value. Before accessing the data marketplace, a mandatory and strict trusting process is applied to each account to validate its identity.
Our activity focuses on data. We use asymmetric encryption protocols to store and transmit data. The encryption process is designed to store decryption keys and data hosted on geographically and contractually distinct data centers.
Data is replicated in real-time to other geographical locations in the same legal area.
Payment and transaction integrity
Payments are processed through our partner Mangopay, a Payment Service Provider which is compliant with the Payment Card Industry Data Security Standard (PCI-DSS).
Any payment data is directly transmitted from you to their API through a ciphered channel and none is sent to our servers.
Dawex, as a data marketplace, implements the "Know Your Customer" (KYC) validation process, which furthers strengthens the trust of Dawex members.
During a data transaction, a licensing contract is generated between the buyer and the data provider. We developed a Smart Contract, published in the Ethereum Blockchain, to offer a service that provides guarantees of integrity and authenticity to the licensing contract signers.
Software security and high-availability
We use the latest stable version for our software and systems, which are hardened and follow a minimal installation policy. Systems and software updates are tested before being applied, and security patches are systematically applied.
Developments come under a systematical peer-review and must be validated by quality and security analysis tools. They respect the technical knowhow standards and follow a continuous integration process.
Software architecture is fully modular and highly available. All systems are redundant and all traffic reaches resilient systems through duplicated network and security appliances.
Physical infrastructures and business continuity
Our platform is designed to work with main market cloud solutions all around the world, and can be easily provided to different cloud operators through API scripts. We choose ISO 27001 infrastructures, which meet all physical, environmental, software security compliance requirements and data protection rules and regulations.
To insure business continuity, systems and data are always replicated on at least two sites. Configurations and code are backed up twice a day, encrypted, and stored in 3 different locations.
All IP incoming traffic is DDoS mitigated by our operator. Dawex application and API are only accessible through encrypted protocols. Streams are filtered by reverse proxies and isolated by network Access Control List (ACL).
Routes and network appliances are resilient.
A Content Delivery Network works to offer the best bandwith anywhere you come from. All Internet gateways operate in high-availability on two different geographical availability zones.
Team processes and involvement
Security and confidentiality are corporate values at Dawex. Attitudes and procedures related to the data, the platform and the information security are a constant concern for all on-boarded team members. Upon joining, they receive security and confidentiality formation, followed by regular technical training.
Access to the different level of information and IT administration is carefully controlled and audited. Corporate systems, data and sensitive mails are encrypted, and internal communication exclusively use secure channels.
Working tools are audited and accounts must follow strong authentication. Every employee at Dawex has signed a Non-Disclosure Agreement.
Audits and responsible disclosure
Regular security audits are conducted on our platform and its code.
Our security team is committed to concentrate all efforts to verify and solve any discovered potential security vulnerabilities. We truly encourage responsible reporting of any security issue that you may find on the data marketplace.