Our promise to you

We do not outsource customer service to third party providers. All our staff are trained in-house so that we have tighter controls over the onboarding process, and our Client Experience team does not forward customer documents to any other department in the company.

Access to our corporate network is only for authorized personnel and specific devices.  We practice the Principle of Least Privilege, where we only assign just enough access for staff to perform his/her job. Hence only very limited staff has access to customer information.

We have to be compliant with the Personal Data Protection Act and MAS Technology Risk Management (TRM) Guidelines to attain and maintain our Capital Markets Services License.

Your security is incredibly important to us. As required by the Monetary Authority of Singapore (MAS) to verify your identity, we require you to upload a copy of your NRIC/FIN or Passport, as well as a Proof of Residence.

If you are transferring from a non-Singapore bank account, there will be an additional verification required as per MAS regulations. Our Client Experience Team will reach out to you accordingly for this.

Your money is kept entirely separate from StashAway's finances. To ensure that we never touch your money, we use custodian banks that hold your money, whether it's in cash or in securities.

StashAway has made it a top priority to work with global, reputable banks for these purposes. Our custodian bank for receiving your deposits is DBS Bank while Saxo Capital Markets Pte Ltd or Lion Global for Simple, holds our custodian account for your investable cash and securities.

In these custodian institutions, your assets are always in a segregated account-- one that is separate from StashAway's operations and assets. This means that you will always have full access and claim to your assets no matter what happens to StashAway.

At StashAway, we take security seriously and strive to ensure that while we focus on customer experience, usability and product reliability, it is secured as well. However, nothing is perfect and we encourage the reporting of suspected vulnerabilities or weaknesses in our IT services and systems through our Vulnerability Disclosure Programme (VDP). You can find more information on how to report here.

Please also note that the VDP does not authorise or permit the taking of any action which may contravene applicable laws and regulations (e.g. Computer Misuse Act). For the avoidance of doubt, attempts to exploit or test suspected vulnerabilities (e.g. gaining unauthorised access to any computer program or data) are prohibited.