Our promise to you

We’re committed to doing the right thing for your money by keeping it secure and delivering services that are in the best interest of you and your wealth.

Our promise to you
Our promise to you

We are SEC-licensed

We received our Securities Business License Type C - Private Fund Management (Lor Khor-0136-01) by the Ministry of Finance and is regulated under the Securities and Exchange Commission (SEC).

We comply with the strictest international capital, compliance, auditing, and reporting requirements, and follow the SEC regulations.

fund manager top illustrator
We keep our funds separate from yours

As of April 2021, we've raised $61.4 million USD to fund our operations. This money pays our salaries, rent, and bills.
The funds we use for our operations are in a completely separate bank account from your money.

Where is your money kept?

Your money belongs to you, not us. In an unlikely bankruptcy event, any money held in a trust or custodian account can’t be touched.

fund manager main illustrator
For investment portfolios
fund manager leftCardInfo illustrator

The custodian of your private fund is Kasikorn Bank, having met all requirements of the SEC.

fund manager leftCardInfo illustrator

Your purchased securities and offshore funds are held through Saxo Capital Markets in offshore custodian accounts with Citibank and HSBC, respectively.

You and your money are in safe hands

Withdrawal verification

We’ll always send you email notifications every time you make a transfer or withdrawal. For your security, any suspicious transfers will be automatically flagged for investigation.

Withdrawal verification

Two-factor authentication

To keep your account secure, we require you to set up two-factor authentication (2-FA) when you sign up. You’ll also need to enter a one-time password (OTP) whenever you log in from a new device or update your account.

Two-factor authentication

Secure server infrastructure

Your data is protected by a secure server infrastructure that we built and actively manage.

  • Regular whitebox and blackbox testing ensure that cyber attacks wouldn’t compromise our multi-layered defense mechanism
  • Hosted on Amazon Web Services and monitored 24/7
  • Intrusion detection systems and security measures to safeguard your data
Secure server infrastructure

Manage your wealth with confidence

 

Download our mobile app

Manage your wealth with confidence
Manage your wealth with confidence

Frequently Asked Questions

We do not outsource customer service to third party providers. All our staff are trained in-house so that we have tighter controls over the onboarding process, and our Client Engagement team does not forward customer documents to any other department in the company.

Access to our corporate network is only for authorized personnel and specific devices. We practice the Principle of Least Privilege, where we only assign just enough access for a staff to perform his/her job. Hence only very limited staff have access to customer information.

We are also compliant with the Personal Data Protection Act and MAS Technology Risk Management (TRM) Guidelines.

Your security is incredibly important to us. As required by the Securities and Exchange Commission to verify your identity, we require you to upload a copy of your Thai national ID and passport for Thai citizens or your passport and proof of mailing address for foreigners.

At StashAway, we take security seriously and strive to ensure that while we focus on customer experience, usability, and product reliability, it is secured as well. However, nothing is perfect and we encourage the reporting of suspected vulnerabilities or weaknesses in our IT services and systems through our Vulnerability Disclosure Programme (VDP).

You can find more information on how to report here.

Please also note that the VDP does not authorise or permit the taking of any action which may contravene applicable laws and regulations (e.g. Computer-related Crime Act). For the avoidance of doubt, attempts to exploit or test suspected vulnerabilities (e.g. gaining unauthorised access to any computer program or data) are prohibited.

View more FAQs