Security

Dado has been designed and built from the ground up with security in mind.
Protecting our customers’ data is our top priority.

Our SOC2 Type II report provides assurance to our customers and partners that Dado uses secure systems and processes to safeguard their data.
Dado is GDPR compliant, handling all personal data in accordance with the latest EU laws.

In order to safeguard the data that is entrusted to us, Dado utilizes a defense-in-depth approach to implement layers of security controls throughout our organization. Key elements of our different control layers are outlined below.

Systems controls

Full encryption

By default, Dado encrypts data in transit (using SSL and TLS 1.2+) and at rest (using two encryption layers).

Secure architecture

Our serverless, microservice-based architecture reduces the attack surface and enables physical separation between services and environments, as well as granular access control.

Industry-leading infrastructure

Dado’s systems run on Google Cloud, an industry leader in providing secure cloud environments, and utilize the broad range of security features of the platform.

Comprehensive monitoring

Dado uses a wide range of system monitoring, logging and real-time alerting, as well as regular vulnerability and static code scans.

Automated back-ups

Data in the application database and filestores is backed up daily for disaster recovery purposes. Data restoration procedures are tested annually.

Regular penetration testing

Dado commissions external security assessments and penetration testing by a vetted third party annually, and resolves any issues identified within SLAs.

People and process controls

Least privilege, role-based access

Access to all systems is granted on a least privilege model, based on role requirements, and audited quarterly. SSO and MFA are enforced wherever available.

Security training

Employees receive security training upon starting work and annually thereafter. Software engineers receive additional training on secure coding practices.

Background screening

Employees who will have access to secure systems or customer data are screened before they start work, including criminal records and reference checks.

Change management process

Dado’s structured approach to software changes requires all alterations to be reviewed from a product, technical and security perspective before release. Deployment privileges are tightly restricted.

Vendor assessment

Our vendor management program ensures all service providers meet Dado’s security and privacy standards. Vendors with a critical role in our business or with access to confidential or sensitive data are reviewed annually.

Risk management

Dado conducts annual risk assessments and maintains a formal risk register. Our Risk Committee meets monthly to review policies and update and define controls and procedures.

Privacy & GDPR

Data storage and destruction

Dado is a bridging system between other tools and stores no more data than strictly necessary. In accordance with GDPR laws, all other user-related information is discarded after the legally required thresholds.

Sub-processor management

Dado reviews the data protection policies and GDPR compliance of all sub-processors and maintains a list of data sub-processors.

Privacy policy

Dado takes user privacy seriously and has strict policies to keep personally identifiable information safe. Visit our privacy policy page for more information.

For further questions, or to confidentially report security vulnerabilities, contact security @ dadohr.com
