SECURITY

Built on AWS. Secured by default.

Dash-Pilot runs on Amazon Web Services and inherits the security defaults of the platform. This page describes what is in place today. Where we are headed is on the roadmap, not the headline.

THE BASELINE

What is in place today.

01 · Hosting

AWS, with security defaults on.

DashAI runs on Amazon Web Services. We use AWS-managed building blocks (VPC, IAM, RDS, KMS, CloudTrail) and follow the AWS Well-Architected security pillar. We do not run our own data centers.

02 · Encryption

Encrypted in transit and at rest.

All traffic between dealers, Dash-Pilot, and our APIs is encrypted with TLS 1.2 or above. Data at rest is encrypted using AWS-managed KMS keys.

03 · Access

Least-privilege IAM, MFA on staff accounts.

Engineering and operations access is gated by single sign-on with multi-factor authentication. IAM permissions follow the principle of least privilege, scoped to the task in front of us.

04 · APIs

Authenticated, rate-limited, audited.

Integration endpoints use token-based authentication over TLS, with per-tenant scoping and request logging. Lender and DMS interactions are isolated to the credentials the dealer authorized.

05 · AI safety

Human-in-the-loop where it matters.

Decisions with consumer-protection or fair-lending exposure surface as recommendations, not actions. The dealer's F&I manager makes the call. Our foundation-model providers are contractually barred from training on customer data.

06 · Logging

Application and access logs retained.

Application activity and authentication events are logged via AWS CloudWatch and CloudTrail. Logs are retained for incident review and customer support.

OPERATING PRINCIPLES

How we think about security.

    01

    Customer data is the customer's.

    We do not sell it. We do not use it to train models other customers see. Period.

    02

    Lean on the platform.

    AWS already gets a lot right. Wherever we can use a managed AWS service instead of rolling our own, we do, because it ships with patching, hardening, and a paper trail we did not have to build.

    03

    Least privilege for everything, including AI.

    Models, agents, and humans only get the data and actions they need for the task in front of them, and not a byte more.

    04

    Be honest about where we are.

    This page describes what is in production today. We will not list a certification we are working toward as if we already have it.

ROADMAP

Where the program is going.

In production

  • AWS-hosted environment with managed services
  • TLS in transit, AES-256 at rest with AWS KMS
  • SSO and MFA for DashAI staff
  • Application and access logging via CloudTrail and CloudWatch

Coming next

  • Formal information security policy set
  • Third-party penetration test
  • Vulnerability disclosure process at security@dashai.ai

On the roadmap

  • SOC 2 Type I, then Type II
  • GLBA Safeguards Rule documentation
  • Customer-facing trust center with documents on request

Security or compliance question?

Email security@dashai.ai. We respond within one business day with a straight answer about where we are.