Security

Our systems are designed so that only authorized users can take authorized actions, and with end-to-end encryption that protects all parties involved.

For more information on DAFpay security standards, see DAFpay Security.

Secure by Design

Interaction

Chariot’s technology is built to only interact with the fields or details required to complete a task. For example, our DAFpay technology interacts only with fields in a portal that are needed to submit a grant request.

Access

Chariot follows the "principle of least privilege", meaning that access to Chariot's systems are, by default, restricted, and only granted on an as-needed, per request basis. This is true for both our clients and our internal team. All users accessing Chariot’s dashboard must have Multi-Factor Authentication (MFA) enabled to login. Chariot’s staff is also required to have MFA enabled for all internal tools and systems.

Built with the Best

Modern Technology

Chariot is hosted on AWS cloud infrastructure in the United States, leveraging years of safety enhancements to ensure maximum performance, resilience, and speed of deployment.

Encryption

Information that Chariot’s technology passes through, but does not store, (e.g. login credentials in DAFpay) is fully encrypted in both directions. We use a combination of the Transport Layer Security (TLS) and Advanced Encryption Standard (AES-256) to keep your personal information safe.

Monitoring

Chariot's infrastructure is continuously monitored using industry-leading intrusion detection systems that provide alerts for control breaches or when infrastructure needs attention. Our 24/7 on-call team ensures all alerts are acted on promptly.

Expert Advisory

Oneleet, a leading cyber security advisory firm, performs system monitoring and hosts our public trust center for maximum transparency.

External Review

Third-Party Audits & Testing

SOC 2, Type 2 Compliant
Third-Party Penetration Tests
Documentation available upon request via our trust center

InfoSec Diligence By Customers

Chariot has undergone rigorous vendor review processes with dozens of major hospital systems, universities and large multinational organizations.

Bank Partner Program

Chariot is a financial technology company, not a bank. We are a program of Column N.A., Member FDIC, which ensures that we adhere to strict security standards with ongoing monitoring and review.

At Chariot, Security Comes First

Chariot builds its products with security and transparency in mind. Review our security documentation to learn more.

PreviousTrust & Safety NextDAFpay Security

Last updated 4 days ago

hashtagSecure by Design

hashtaghandshake Interaction

hashtagdoor-closed Access

hashtagBuilt with the Best

hashtagcomputer Modern Technology

hashtaglock Encryption

hashtageye Monitoring

hashtagperson Expert Advisory

hashtagExternal Review

hashtaglist Third-Party Audits & Testing

hashtagclipboard InfoSec Diligence By Customers

hashtagbuilding Bank Partner Program

hashtagAt Chariot, Security Comes First