Legal

Security Policy

At Dashio KG, we are committed to maintaining the highest levels of security for our systems and data. We welcome responsible disclosure of any potential security vulnerabilities to ensure the safety of our services and customers.

Technical and Organizational Measures (Art. 32 GDPR)

We apply layered security controls to protect confidentiality, integrity, availability, and resilience of our services. Key measures include:

  • Access controls with least-privilege permissions and multi-factor authentication for administrative systems.
  • Encryption in transit (TLS) and at rest where supported by our infrastructure providers.
  • Continuous monitoring, logging, and alerting for security-relevant events.
  • Regular backups, disaster recovery procedures, and resilience testing.
  • Vendor security assessments and data processing agreements with subprocessors.
  • Secure development practices including dependency monitoring and vulnerability remediation.

How to Report a Vulnerability

If you believe you have found a security vulnerability, please contact us at security@dashio.net. We encourage encryption of sensitive information and provide a PGP key for secure communication:

Download PGP Key

Response and Escalation Timelines

We acknowledge receipt of security reports within 24 hours (business days) and aim to provide a triage assessment within 3 business days. Critical issues are prioritized for immediate remediation, and we will keep you informed of progress and resolution timelines.

If you do not receive a response, please escalate via management@dashio.net. For suspected active exploitation, include "URGENT" in the subject line.

Responsible Disclosure

We kindly ask you to avoid public disclosure of vulnerabilities until we have had a reasonable amount of time to address the issue. We strive to resolve all reports promptly and will notify you once the issue has been mitigated.

Certifications

Dashio KG does not currently hold formal security certifications (such as ISO 27001). We regularly review our security program and will publish updates here if certifications are obtained.

Last updated: 24.01.2026