Security and trust
Built so your security team can say yes.
Approval-first design, workspace-isolated execution, OAuth-based access, no training on your data, full data wipe on demand.
Workspace isolation
Every Dash workspace runs in its own execution context. Data never crosses workspace boundaries. Two customers running Dash share zero state.
OAuth-based authentication
Dash uses OAuth for every integration via Composio. We never see or store your API keys. You can revoke access for any tool in one click.
Approval flow on mutating actions
Anything that sends an email, posts publicly, writes to your CRM, or spends money requires explicit approval in Slack. Dash drafts, you ship.
Encryption at rest and in transit
All data encrypted with AES-256 at rest and TLS 1.2+ in transit. Sensitive credentials encrypted with envelope encryption.
No training on your data
Conversations and tool outputs stay yours. We use model APIs with training opt-out enabled across the board.
Clean workspace on demand
Wipe your entire Dash workspace, including memory and history, with one command. Deletion is irreversible and complete within 24 hours.
Compliance
Where we stand.
SOC 2 Type 1
In progress (target: end of 2026)GDPR
AlignedCCPA
AlignedDPA available
On requestEU data residency
Available on EnterpriseSub-processors
Who Dash works with.
We use a short list of trusted vendors. All sub-processors are reviewed annually.
- Anthropic Model inference, opted-out of training
- Composio OAuth integration catalog
- Browserbase Cloud browser sandbox
- E2B Code execution sandbox
- AWS Hosting, US-East and EU-West
- Stripe Payment processing
Have a security question?
Email [email protected] or ask for our security overview deck.
Contact security