About Security
Product Security
Permissions - Dash Hudson enables permission levels within the app to be set for your teammates. Permissions can be set to include app settings, billing, and user data.
SSO - Dash Hudson enforces Single Sign-on (SSO) which allows brands to authenticate users in their own systems without requiring them to enter additional login credentials.
Password and Credential Storage - Along with SSO, Dash Hudson enforces a password complexity standard. Credentials are stored using secure hash algorithms.
Uptime - Dash Hudson has an uptime of 99.9% or higher.
Network and Application Security
Data Hosting and Storage - Dash Hudson services and data are hosted in Amazon Web Services (AWS) facilities in the USA.
Virtual Private Cloud - All of our servers are within our own virtual private cloud (VPC) with network access control lists that prevent unauthorized requests.
Encryption - All data sent to or from Dash Hudson is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests.
Failover and DR - Dash Hudson infrastructure and data is spread across two AWS availability zones, built with disaster recovery in mind.
Back Ups and Monitoring - Dash Hudson uses Amazon RDS daily backup solution for databases that contain customer data.
Permissions and Authentication - Dash Hudson is served 100% over https. Access to customer data is limited to authorized employees who require it for their job. Dash Hudson runs a zero-trust corporate network. There are no corporate resources or additional privileges that come from being on Dash Hudson’s network. We have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies on GitHub, Google, AWS, MongoDB, and Dash Hudson to ensure access to cloud services are protected.
Incident Response - Dash Hudson implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortems. All employees are informed of our policies.
Additional Security Features
Confidentiality - All Dash Hudson employment contracts include a confidentiality agreement that must be signed and returned prior to commencing employment.
Training - Annual Security and Awareness training is completed by all Dash Hudson employees.
Policies - Dash Hudson has developed, and frequently update, a comprehensive set of security policies. These policies cover a wide-range of topics and are shared with all employees.
PCI Obligations - All payments made to Dash Hudson are administered through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.