Security practices

How we protect your data and our infrastructure.

Infrastructure

  • All API and dashboard traffic over HTTPS (TLS).
  • Data at rest encrypted (MongoDB Atlas, default encryption).
  • Secrets and sensitive fields encrypted at the application layer (AES-256-GCM) where required.

Authentication & access

  • Two-factor authentication (2FA) via TOTP and backup codes.
  • Enterprise workspaces can enforce 2FA for all members.
  • Session management: view and revoke active sessions.
  • Password policy (Enterprise): complexity, expiration, reuse prevention.

Compliance

We are building toward SOC 2 Type II. Security headers (CSP, HSTS, X-Frame-Options), request tracing (X-Request-ID), and regular dependency audits are in place.
