Internal note: Notify of changes
Summary
Dashlane aligns with globally recognized security and privacy standards to ensure enterprise trust and transparency. Our compliance framework is regularly validated through independent third-party audits and certifications, reflecting our ongoing commitment to robust security governance.
For up-to-date details, visit the Dashlane Trust Center.
9.1 Certifications
SOC 2 Type II
Dashlane undergoes annual SOC 2 Type II audits conducted by independent assessors. These reports validate the design and operational effectiveness of our security, availability, and confidentiality controls across infrastructure, development, and operations.
ISO/IEC 27001
Dashlane maintains an ISO/IEC 27001 certification for its Information Security Management System (ISMS), which governs risk management, control implementation, and continuous improvement across our services and internal processes.
GDPR & CCPA
Dashlane is fully compliant with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our data collection and processing practices are grounded in strong privacy principles, including data minimization, purpose limitation, and user control.
9.2 Data Residency & Privacy
Dashlane is built on a zero-knowledge foundation, ensuring that encrypted user data remains private even within multi-region deployments.
- End-to-end encryption: User data is encrypted on the device before synchronization and remains encrypted at rest, in transit, and in use.
- Secure enclaves for separation of duties: Cloud secure enclaves (AWS Nitro Enclaves) isolate cryptographic operations, ensuring no Dashlane employee or system can access decrypted data.
- Data Processing Agreement (DPA): A DPA is available to enterprise customers, formalizing our commitment to data protection and regulatory compliance.
9.3 Supporting Enterprise Compliance
Dashlane supports organizations in meeting their own compliance objectives through transparent documentation, auditable controls, and integration with enterprise security frameworks.
- Detailed documentation: The Dashlane Trust Center provides customers and prospects with self-service access to security information, including technical documentation, audit summaries, encryption architecture documents, and compliance reports for due diligence and vendor assessments.
- Exportable logs: Admins can export detailed activity and audit logs for alignment with frameworks such as ISO 27001, SOC 2, NIST 800-53, or CIS.
- SCIM-based provisioning: Automated user lifecycle management enforces least privilege and ensures compliance hygiene during onboarding and deprovisioning.
- Role-based access and SSO: Granular access controls, combined with SAML-based authentication, strengthen identity assurance and compliance posture.
- Code auditability: Dashlane’s client applications are source available, allowing external experts and customers to review and validate security practices. Source code is available on GitHub for iOS, Android, and the web extension.
9.4 Patents
Dashlane’s security innovations are protected by multiple granted patents and supported by active applications. The list below excludes abandoned filings and reflects our current portfolio.
9.4.1 Granted Patents
| Patent Title | Patent Number (Grant Date) | Summary |
| Cloud-based data backup and sync with secure local storage of access keys | US 9,330,245 (May 3, 2016) | Secure vault synchronization with local key storage in a zero-knowledge model |
| Master password reset in a zero-knowledge architecture | US 10,432,397 (Oct 1, 2019) | Secure recovery while preserving zero-knowledge guarantees |
| Methods and systems for user authentication | US 10,574,648 (Feb 25, 2020) | Passwordless authentication via challenge/response |
| Zero‑knowledge architecture between multiple systems | US 10,848,312 (Nov 24, 2020) | Inter‑system vault synchronization without exposing keys |
| Resume user session in a zero‑knowledge architecture on an insecure platform | US 10,904,004 (Jan 26, 2021) | Session resumption while maintaining zero‑knowledge |
| Crowdsourced learning engine for semantic analysis of webpages | US 11,080,597 (Aug 3, 2021) | Semantic analysis to drive secure and accurate autofill |
| Multiple relying parties in a single‑sign‑on environment | US 12,052,232 (Jul 30, 2024) | SSO architecture supporting multiple relying parties |
| Integration of Identity Access Management Infrastructure with Zero‑Knowledge Services | US 18/124,326 (Oct 21, 2025) | IAM integration with zero‑knowledge services in cloud secure enclaves |
9.4.2 Active Applications
| Application Title | Application No. (Publication/Status) | Summary |
| Authentication with Cloud‑Based Secure Enclave | US 18/417,228 , US‑2024‑0283664‑A1 (published Aug 22, 2024) | Attested cryptographic operations in cloud secure enclaves |
| Systems and Methods for Analysis of Hypertext Markup Language (HTML Embeddings) | US 18/735,711 (pending) | Robust analysis of web markup to improve security automation |
| Device‑to‑Device Secret Transfer, Systems and Methods to Transfer High‑Entropy Keys | US 18/906,749 (pending) | Secure proximity/remote secret exchange between devices |
| Systems and Methods for Enhanced Security Using Low‑Entropy Secrets on Insecure Environments (PIN on Web) | US 18/984,084 (pending) | PIN‑based protections for web contexts |
| Zero‑Knowledge, Secure and Private Monitoring Channel of Web Activities for Unauthenticated Users | US 19/267,168 (pending) | Private monitoring channel to enable risk telemetry without vault access |
| Multi‑Factor Anti‑Phishing Systems and Methods | US 63/749,081 (pending) | Multi‑signal anti‑phishing with ML and crowdsourcing |
9.5 Publications
Dashlane promotes transparency and industry collaboration through active knowledge sharing:
- Engineering blog posts: Our Engineering team regularly publishes articles on security, architectural design, and Dashlane innovation and practices on the Dashlane blog.
- Conference participation: Dashlane’s Security and Engineering leaders frequently speak at international cybersecurity and technology events to share insights on credential security, zero-knowledge architectures, and digital identity.
Community engagement: Dashlane is a board member of the FIDO Alliance and contributes to open standards bodies, including the W3C Web Extension Community Group. We participate in secure software design initiatives, including the CISA Secure by Design pledge, reflecting our ongoing commitment to a safer internet ecosystem.