DDashy

Dashy

Security

Last updated: 8 June 2026.

Dashy is an operational product, so security is part of the product surface rather than an afterthought.

Current controls

  • HTTPS is enforced at the edge for Dashy domains.
  • Prelaunch public surfaces are protected while the service is under active build.
  • App authentication uses secure ASP.NET Core cookie authentication patterns.
  • Health endpoints exist for deployment and uptime checks.
  • Structured logs are emitted by the app, API, worker, status, and web services.

Reporting issues

Send security concerns to security@dashy.com. Include the affected URL, reproduction steps, impact, and your contact details.

Security contact metadata

Dashy also publishes /.well-known/security.txt with the same reporting mailbox, canonical policy URL, preferred language, and expiry metadata for automated security contact discovery.

Dashy uses essential cookies and local browser storage for sign-in, security, and remembering simple UI choices. We do not currently set analytics or advertising cookies.