Privacy & Security

Secure, encrypted and private - keeping you and your data safe.

Critical data


We have taken a variety of steps to ensure security, privacy and data protection are meeting the standards set out by the ACCC. This start with our infrastructure and authentication practices:

  • All data is stored and geo-fenced to Australian AWS servers
  • App is only available in Australian app/play stores
  • Financial data does not leave Australia
  • Customer data is de-identified and encrypted at rest, and in transit
  • 2FA is required for all accounts
  • Complex passwords are enforced
  • OTP authentication is enforced


No transactions are allowed in our app or platform for any reason at any time

Open Banking


While we are now a CDR Representative under our data partner Yodlee, we continue to engage valuable partners to enhance our security posture and accreditation.

  • Our development partner is ISO 27001 certified and history reports are required for all staff and contractors
  • We carry all necessary cybersecurity insurance - reviewed annually.

Third-Party Accreditation

Our CDR Approval

  • ASAE 3150 certification in Feb 2024
  • ACCC approval for CDR Representative status under Yodlee - Feb 2024
User Access


We have created a permissions based system that enforces compartmentalised access to system tools and data. Only dosh staff have access to brand and staff accounts to limit access to critical access.

  • Brokers can only see their own customers
  • Marketing staff cannot access any financial data or reports
  • We follow strict Open Banking consent requirements as defines by the ACCC
  • Clients can revoke access at any time
  • Clients can cancel their account with dosh at any time