Our promise to you
We’re committed to doing the right thing for your money by keeping it secure and delivering services that are in the best interest of you and your wealth.
We are SEC-licensed
We received our Securities Business License Type C - Private Fund Management (Lor Khor-0136-01) by the Ministry of Finance and is regulated under the Securities and Exchange Commission (SEC).
We comply with the strictest international capital, compliance, auditing, and reporting requirements, and follow the SEC regulations.
As of April 2021, we've raised $61.4 million USD to fund our operations. This money pays our salaries, rent, and bills.
The funds we use for our operations are in a completely separate bank account from your money.
Your money belongs to you, not us. In an unlikely bankruptcy event, any money held in a trust or custodian account can’t be touched.
The custodian of your private fund is Kasikorn Bank, having met all requirements of the SEC.
Your purchased securities and offshore funds are held through Saxo Capital Markets in offshore custodian accounts with Citibank and HSBC, respectively.
You and your money are in safe hands
Withdrawal verification
We’ll always send you email notifications every time you make a transfer or withdrawal. For your security, any suspicious transfers will be automatically flagged for investigation.
Two-factor authentication
To keep your account secure, we require you to set up two-factor authentication (2-FA) when you sign up. You’ll also need to enter a one-time password (OTP) whenever you log in from a new device or update your account.
Secure server infrastructure
Your data is protected by a secure server infrastructure that we built and actively manage.
- Regular whitebox and blackbox testing ensure that cyber attacks wouldn’t compromise our multi-layered defense mechanism
- Hosted on Amazon Web Services and monitored 24/7
- Intrusion detection systems and security measures to safeguard your data
Frequently Asked Questions
Who has access to my information?
We do not outsource customer service to third party providers. All our staff are trained in-house so that we have tighter controls over the onboarding process, and our Client Engagement team does not forward customer documents to any other department in the company.
Access to our corporate network is only for authorized personnel and specific devices. We practice the Principle of Least Privilege, where we only assign just enough access for a staff to perform his/her job. Hence only very limited staff have access to customer information.
We are also compliant with the Personal Data Protection Act and MAS Technology Risk Management (TRM) Guidelines.
How does StashAway verify my identity?
Your security is incredibly important to us. As required by the Securities and Exchange Commission to verify your identity, we require you to upload a copy of your Thai national ID and passport for Thai citizens or your passport and proof of mailing address for foreigners.
How to report security vulnerabilities?
At StashAway, we take security seriously and strive to ensure that while we focus on customer experience, usability, and product reliability, it is secured as well. However, nothing is perfect and we encourage the reporting of suspected vulnerabilities or weaknesses in our IT services and systems through our Vulnerability Disclosure Programme (VDP).
You can find more information on how to report here.
Please also note that the VDP does not authorise or permit the taking of any action which may contravene applicable laws and regulations (e.g. Computer-related Crime Act). For the avoidance of doubt, attempts to exploit or test suspected vulnerabilities (e.g. gaining unauthorised access to any computer program or data) are prohibited.