Book a Demo
Talk to Sales
Book a Demo
Talk to Sales

Security

Last Updated: 3rd March 2026

Dragon is designed with security in mind. This page describes the safeguards we use to help protect your information and your account. No system is perfectly secure, but we continuously improve our controls.

1) How Dragon Protects Your Data

We use a combination of administrative, technical, and physical measures, such as:

  • Encryption in transit using TLS for data moving between your device and our systems.
  • Encryption at rest for sensitive data stored in our databases and backups (where appropriate).
  • Access controls based on least privilege, with role-based permissions for internal systems.
  • Audit logging and monitoring to detect suspicious behavior and investigate incidents.
  • Secure development practices including code review, dependency scanning, and vulnerability management.
  • Segmentation and environment controls (separate production and non-production environments).
  • Vendor security reviews for key service providers (identity verification, cloud hosting, communications, etc.), where feasible.

2) Account Security Features

Depending on your product and region, Dragon may support:

  • Multi-factor authentication (MFA) such as SMS or authenticator-based verification.
  • Device and session management (sign out of other devices, session timeouts).
  • Risk-based controls that may trigger additional verification for unusual logins or activity.

3) Fraud Prevention

We may use fraud and risk signals (e.g., device data, login patterns, transaction patterns) to:

  • detect and prevent unauthorized access,
  • reduce identity fraud,
  • limit account takeover attempts,
  • comply with AML/sanctions obligations.

4) How You Can Stay Safe

We strongly recommend:

  • Use a unique, strong password and do not reuse passwords across services.
  • Enable MFA where available.
  • Never share OTP codes or passwords with anyone (including people claiming to be Dragon).
  • Verify you are using official Dragon channels and app stores.
  • Keep your phone and OS updated, and use a device passcode/biometrics.
  • Contact us immediately if you suspect unauthorized activity.

5) Incident Response

If we detect a security incident that affects your personal information, we will:

  • investigate and take steps to contain and remediate,
  • notify affected users and/or regulators when required by law,
  • provide guidance on protective steps you can take.

6) Reporting a Vulnerability

If you believe you’ve found a security vulnerability, please email: [security@dragon.com]
 Include:

  • a description of the issue,
  • steps to reproduce,
  • any relevant screenshots/logs (avoid sending sensitive personal data).

(If you have a formal vulnerability disclosure policy or bug bounty, link it here.)

7) “Not a Bank” Reminder

Dragon is a fintech company and not a bank. If your Dragon experience involves accounts, cards, or stored value, these may be issued, held, or provided by regulated third-party partners depending on your jurisdiction and product.

8) Changes to the Services or Terms

We may update the Services and these Terms. If changes are material, we will provide notice as required by law (e.g., in-app notice). Continued use after the effective date means you accept the updated Terms.