Information Security Policy

Document Version: 3.2 - Public

Last Updated: September 2025

Next Review Date: December 2025

Contact: support@dexlabs.io

📋 Detailed Security Documentation

This is the public version of our Information Security Policy. For organizations requiring more detailed security documentation, including technical specifications, implementation details, and compliance reports, please contact us at support@dexlabs.io. We provide comprehensive security documentation on demand to support your vendor assessment and compliance requirements.

1. Our Security Commitment

Key Principles:

  • Comprehensive security framework protecting all customer data and operations
  • Control/data plane architecture ensuring complete customer data sovereignty
  • Industry-leading security standards and compliance frameworks
  • Continuous security monitoring and improvement programs

1.1 Security Mission

dex Tecnologia LTDA is committed to maintaining the highest standards of information security to protect our customers' data, business operations, and privacy. This policy demonstrates our dedication to implementing enterprise-grade security controls while enabling innovative data engineering solutions.

1.2 Customer Data Protection Promise

We understand that your data is your most valuable asset. Our security framework is designed around a fundamental principle: your data remains exclusively under your control. Through our innovative control/data plane architecture, customer business data never leaves your own cloud environment, ensuring complete data sovereignty and regulatory compliance.

1.3 Our Unique Architecture

dex operates using a sophisticated control and data plane separation that provides unmatched security and compliance benefits:

  • Control Plane (dex-managed): Our platform manages orchestration, workflow coordination, user interfaces, and system monitoring without ever accessing your business data.
  • Data Plane (customer-controlled): All your sensitive business data remains exclusively within your own cloud infrastructure (Amazon S3, Google BigQuery, Google Cloud Storage). We never store, cache, or process your business data on our systems.

This architectural approach ensures that your data enjoys the same security protections as your existing cloud infrastructure while benefiting from our advanced data engineering capabilities.

2. Security Standards and Compliance

Our Commitments:

  • AWS Well-Architected Security Pillar implementation
  • OWASP security guidelines adherence
  • Target SOC 2 Type I certification by Q2 2026
  • Full GDPR and LGPD compliance for international operations
  • Regular third-party security assessments

2.1 Industry Standards

We align our security practices with globally recognized frameworks including the AWS Well-Architected Security Pillar, OWASP Security Guidelines, and ISO 27001 principles. Our approach ensures comprehensive security coverage while preparing for formal compliance certifications.

2.2 Regulatory Compliance

dex maintains full compliance with applicable data protection regulations including GDPR for European customers and LGPD for Brazilian operations. Our architectural approach simplifies compliance by ensuring your data processing occurs within your own jurisdiction and security controls.

2.3 Continuous Certification

We are actively pursuing SOC 2 Type I certification to provide third-party validation of our security controls. Through our AWS partnership, we inherit numerous enterprise-grade security certifications and maintain alignment with global security standards.

3. Access Control and Authentication

Security Features:

  • Multi-factor authentication required for all system access
  • Role-based access control with least privilege principles
  • Customer-controlled access through dual-layer security model
  • Regular access reviews and automated provisioning/deprovisioning

3.1 Strong Authentication

Every interaction with dex systems requires multi-factor authentication, ensuring that only authorized individuals can access platform capabilities. We implement zero-trust principles where authentication is required for every system interaction.

3.2 Customer-Controlled Access

Our unique architecture means that even after authenticating with dex, users must also satisfy your organization's own cloud security requirements to access data and execute operations. This dual-layer approach provides enhanced protection through customer-controlled security policies.

3.3 Privileged Access Management

Access to sensitive system functions follows strict approval processes with regular reviews to ensure continued appropriateness. We implement the principle of least privilege throughout our systems, ensuring users receive only the minimum access necessary for their functions.

4. Data Protection and Encryption

Encryption Standards:

  • Industry-standard encryption for all data in transit and at rest
  • Advanced key management with automated rotation
  • Customer data sovereignty with zero data persistence on dex systems
  • Complete audit trails for all data operations

4.1 Comprehensive Encryption

All data communications utilize TLS 1.3 encryption, providing strong protection against interception. Customer credentials and sensitive information receive additional encryption layers using advanced cryptographic techniques.

4.2 Your Data Stays Yours

Our architectural approach ensures that your business data never leaves your cloud environment. Data flows directly from third-party APIs (like TikTok Shop) into your own storage systems, with dex orchestrating the processing without ever storing or caching your information.

4.3 Audit and Transparency

Complete audit trails document all data operations, providing full transparency into how your data is accessed and processed. These logs support compliance requirements and incident investigation capabilities.

5. Infrastructure Security

Technical Safeguards:

  • Enterprise-grade cloud infrastructure with multi-region deployment
  • Advanced threat detection and monitoring systems
  • Automated security scanning and vulnerability management
  • Container security with image scanning and validation

5.1 Cloud-Native Security

Our infrastructure leverages AWS enterprise security controls, including native firewalls, DDoS protection, and comprehensive monitoring systems. Multi-region deployment provides both security and operational resilience.

5.2 Automated Security

Continuous security monitoring provides real-time threat detection and automated response capabilities. Our development pipeline includes automated security scanning to identify and address vulnerabilities before they reach production systems.

5.3 Container and Application Security

All applications run in secure containerized environments with comprehensive image scanning and validation. Our development practices follow secure coding guidelines with regular security assessments.

6. Business Continuity and Availability

Resilience Features:

  • Automated backup systems with encrypted storage
  • Multi-region deployment for high availability
  • Disaster recovery testing and validation procedures
  • Scalable architecture supporting business growth

7. Privacy and Data Rights

Privacy Commitments:

  • Privacy by design implementation across all systems
  • Comprehensive data subject rights support (access, portability, deletion)
  • Global privacy regulation compliance (GDPR, LGPD, CCPA)
  • Transparent data processing practices with customer control

8. Security Assessment and Validation

Validation Programs:

  • Regular third-party security assessments and penetration testing
  • Continuous vulnerability scanning and management
  • Compliance audits and certification processes
  • Customer security reviews and documentation support

9. Contact and Support

9.1 Security Team

For security-related questions, concerns, or incident reporting:

Email: support@dexlabs.io

Website: https://www.dexlabs.io

Business Hours: Standard support during business hours; emergency response available 24/7

9.2 Compliance and Privacy

For compliance-related inquiries, data processing questions, or privacy concerns:

General Inquiries: support@dexlabs.io

Privacy Requests: Include "Privacy Request" in the subject line

Company Information: dex Tecnologia LTDA, CNPJ: 48.412.896/0001-42

Policy Updates and Transparency

This security policy is reviewed quarterly and updated as needed to reflect changes in our security practices, regulatory requirements, or business operations. We notify customers of material changes to our security practices and maintain transparency about our ongoing security improvements.

For the most current version of this policy and additional security information, visit our website at https://www.dexlabs.io/security.

This policy demonstrates dex's commitment to maintaining the highest standards of information security while enabling innovative data engineering solutions for our customers.