Question 1

Who has access to my information?

Accepted Answer

We do not outsource customer service to third party providers. All our staff are trained in-house so that we have tighter controls over the onboarding process, and our Client Experience team does not forward customer documents to any other department in the company.

Access to our corporate network is only for authorized personnel and specific devices. We practice the Principle of Least Privilege, where we only assign just enough access for staff to perform his/her job. Hence only very limited staff has access to customer information.

We have to be compliant with the Personal Data Protection Act and MAS Technology Risk Management (TRM) Guidelines to attain and maintain our Capital Markets Services License.

Question 2

What happens to my money if StashAway gets acquired, goes public, or closes?

Accepted Answer

Your money is kept entirely separate from StashAway's finances. To ensure that we never touch your money, we use custodian banks that hold your money, whether it's in cash or in securities.

StashAway has made it a top priority to work with global, reputable banks for these purposes. Our custodian bank for receiving your deposits is Emirates NBD while Saxo Capital Markets Pte Ltd holds our custodian account for your investable cash and securities.

In these custodian institutions, your assets are always in a segregated account-- one that is separate from StashAway's operations and assets. This means that you will always have full access and claim to your assets no matter what happens to StashAway.

Question 3

How to report security vulnerabilities?

Accepted Answer

At StashAway, we take security seriously and strive to ensure that while we focus on customer experience, usability and product reliability, it is secured as well. However, nothing is perfect and we encourage the reporting of suspected vulnerabilities or weaknesses in our IT services and systems through our Vulnerability Disclosure Programme (VDP). You can find more information on how to report here.

Please also note that the VDP does not authorise or permit the taking of any action which may contravene applicable laws and regulations (e.g. Computer Misuse Act). For the avoidance of doubt, attempts to exploit or test suspected vulnerabilities (e.g. gaining unauthorised access to any computer program or data) are prohibited.

Our promise to you

Regulated by the Dubai Financial Services Authority

For investment portfolios

For StashAway Simple™

You and your money are in safe hands

Frequently Asked Questions

Invest

Learn

About us

Connect