DreamStart Labs, Inc. is committed to protecting the security of our users and being a proactive advocate for consumer protection. For more details about our approach to data privacy, see the “DreamStart Labs Data Privacy Policy”.
Six Key Security Principles
Our DreamSave solution for savings groups features a “secure-by-design” architecture that incorporates best-in-class security technology and processes into every aspect of the product infrastructure. This strategy is based on six key security principles:
- Full Member Transparency. When groups use DreamSave, there is no way for officers to tamper with records, modify policies, conduct side deals, or make any other modification to group settings without the full group being notified.
- Protect Every Layer. Every layer of the DreamSave system (apps, users, networks, compute engines, storage systems, servers) will include separate layers of best-in-class security protection so there are no weak links in the chain.
- Verify Every Interaction. No user or service will be allowed to access any portion of the DreamSave system without being fully validated and authenticated first. This is essential to the design of any modern mobile solution that involves interactions between human users (members, groups, administrators, support, developers) and automated computer processes (apps, networks, storage, etc.).
- Use Proven Open Systems. The underlying infrastructure of DreamSave will be based on proven components that are open, transparent, and widely available for extensive public scrutiny wherever possible. This approach, which makes extensive use of open-source software, helps ensure that security vulnerabilities in the underlying infrastructure are discovered and fixed quickly by security experts worldwide. Apps that rely on closed, proprietary infrastructure are far more vulnerable to compromise.
- Assign Minimum Privileges. Any user or process in the DreamSave system will have the minimum privileges required to perform its authorized responsibilities, and no more. This design principle provides separation of duties and helps ensure that no user, administrator, or automated service has the right to access unauthorized data or perform unauthorized tasks.
- Record Everything. Every activity performed anywhere in the DreamSave system, either by a human user or automated service, will be fully logged, recorded, and stored for as long as it serves a purpose for users. This helps ensure no compromise can occur without being detected and leaves a detailed audit trail for security and compliance purposes.
Security Implementation
The DreamSave system reflects these key principles in multiple ways, including the following:
- User Notification. Any financial transactions or changes to a group’s settings will trigger a notification to members to ensure transparency and trust.
- End-to-End Encryption. User data transmitted over the network during backup, synchronization, and data collection is encrypted using bank-grade AES 128-bit encryption technology (for perspective, this encryption method would take the world’s fastest supercomputer an estimated 885 quadrillion years to break [1]).
- Authentication. All data sources are verified to ensure that only valid transmissions between the DreamSave app and the DreamSave cloud are authorized.
- Data Integrity. The data itself is verified on both ends to ensure that it has not been tampered with or altered in any way while in transit. We maintain data changes using an Event Sourcing Model, which stores past actions in a log. This log keeps track of each action taken on the data, ensuring data integrity and security. It allows us to analyze past events and understand the data's history, making our system more reliable and secure.
- Attack Prevention. The network infrastructure includes multiple layers of protection to defend against denial-of-service, spoofing, man-in-the-middle, and other similar attacks. These layers include SSL/TLS and an application firewall.
- Infrastructure Security. DreamSave is built on the Google Cloud Platform, proven at scale in the world’s most rigorously tested environments. Data transmissions must pass through multiple layers of firewalls, virtual machine container security, and certificate-based service authentication. Identities, users, and services are strongly authenticated with multiple factors.
- Data Loss Prevention. DreamSave user data is stored in secure databases. Data is replicated across two redundant clusters in separate security zones to provide robust fault tolerance, failover, and disaster recovery protection.
- Security Audits. The DreamSave cloud infrastructure is audited regularly to validate firewall ports, user accounts, and permissions. All activities leave an unalterable audit trail in detailed security logs to ensure full transparency.
Data Retention and Deletion
DreamStart Labs aims to retain only the data necessary to support the effective use of the DreamSave app and to tailor user experiences or assistance required from our support team. The need to retain data varies widely with the type of data and the purpose for which it was collected. DreamStart Labs strives to ensure that data is only retained for the period necessary to fulfill the purpose for which it was collected and is fully deleted when no longer required. The need to retain certain information is also mandated by the California Consumer Privacy Act, as well as the European Union’s GDPR [2].
Contact Information
For additional questions about DreamSave security, contact us at: info@dreamstartlabs.com.
DreamStart Labs, Inc., 2907 Shelter Island Dr., Suite 105, San Diego, CA 92106, USA.
Copyright © 2024 DreamSave Security Overview - All Rights Reserved.
_______________________
[1] A Complete Guide to AES Encryption, ProPrivacy.com, February 2019.
[2] General Data Protection Regulation (GDPR) Rules for Businesses and Organisations (2024).