Queries on data security and integrity at dhan

Hello team dhan, you are building a fine product and there is a long way to go before you reach the product you actually wanted to develop. Keep evolving. :orange_heart:
But I, being an infosec guy, want to have a few questions answered by the founder himself, as to me an ethical and progressive founder gives a go-ahead while using unknown products. My quick questions:

  1. Does dhan store Aadhaar info other than address and DOB? (in short, what exactly does dhan store)
  2. What is dhan doing on data security? (as another broker, ‘upstox’, faced a massive data breach earlier this year)
  3. Do you have any focused data security team?
  4. Do we have a bug bounty program open?
  5. What are your views on open source?

Finally, what would you rate yourself based on ethics on a 10 point scale?

Thank you :slight_smile:

Hi @nix, thanks for this note.

Yes, as you said, we are new and building fast. Let me come to your questions directly.

  1. Nope, we don’t save. And we are not allowed to save these details by regulation; none of the stock brokers or SEBI regulated intermediaries are permitted.
  2. Security and safety is an ongoing process; there is no end to this. If you are in infosec, you know this much better than I possibly would.
  3. The current engg team is focussed on that; we are building this as it’s important. We are also engaged with infosec focussed security partners who assess our platform independently. As a stock broker, we are subject to security audits by exchanges.
  4. No, but we will have this. Sets up a good practice. One of our users shared a few observations with us; we closed them and sent a nice gift as well :slight_smile:
  5. Is it possible to build without open source these days?

We have shared what we stand for here: Building Dhan as Investor First Platform – Dhan Blog