Privacy & Security
Secure, encrypted and private - keeping you and your data safe.
Critical data
Infrastructure
We have taken a variety of steps to ensure security, privacy and data protection are meeting the standards set out by the ACCC. This start with our infrastructure and authentication practices:
- All data is stored and geo-fenced to Australian AWS servers
- App is only available in Australian app/play stores
- Financial data does not leave Australia
- Customer data is de-identified and encrypted at rest, and in transit
- 2FA is required for all accounts
- Complex passwords are enforced
- OTP authentication is enforced
Plus
No transactions are allowed in our app or platform for any reason at any time
Open Banking
Compliance
While we are now a CDR Representative under our data partner Yodlee, we continue to engage valuable partners to enhance our security posture and accreditation.
- Our development partner is ISO 27001 certified and history reports are required for all staff and contractors
- We carry all necessary cybersecurity insurance - reviewed annually.
Third-Party Accreditation
- CloudTrace conducts our PenTests (view attestation letter)
- Assurance Labs conducts our compliance assessments (view attestation letter)
Our CDR Approval
- ASAE 3150 certification in Feb 2024
- ACCC approval for CDR Representative status under Yodlee - Feb 2024
User Access
Permissions
We have created a permissions based system that enforces compartmentalised access to system tools and data. Only dosh staff have access to brand and staff accounts to limit access to critical access.
- Brokers can only see their own customers
- Marketing staff cannot access any financial data or reports
- We follow strict Open Banking consent requirements as defines by the ACCC
- Clients can revoke access at any time
- Clients can cancel their account with dosh at any time