Artificial intelligence is reshaping the way investment firms operate, from automating due diligence to enhancing investor communications. But with this power comes heightened scrutiny: Where does the data go? Who can see it? Can we really trust the system?
At Dasseti, these questions are fundamental to how we design and deploy AI across our platform. We sat down with Dasseti’s Chief Technology Officer, Graham Cambridge, who explained how Sidekick AI is built to deliver value without ever compromising confidentiality, compliance, or trust.
Before diving into AI, Graham made one thing clear: security is foundational, not an afterthought.
| “Data managed by Dasseti clients is exceptionally sensitive and any kind of breach could cause significant financial or reputational harm. As these risks are so high, security is core to how we work. It's embedded in our platform, our technology and how we operate as a business.” |
Dasseti holds SOC 2 Type II and ISO 27001 certifications, underpinned by 24/7 monitoring, role-based access controls, and frequent third-party penetration testing. These safeguards extend directly into how the platform delivers AI features.
Many AI vendors retain user inputs and outputs to monitor abuse or improve model performance which is a serious concern in highly regulated industries. Dasseti takes a different approach.
| “Some AI vendors retain a copy of client data inputs and outputs for abuse monitoring purposes. However, in our case, we've negotiated an exemption from this with Microsoft, so we can support zero data retention for our clients.” |
Through a custom agreement with Microsoft Azure, Dasseti ensures that Sidekick AI processes data without storing or training on it. Clients retain full control, and their information stays private.
One of the key ways Dasseti maintains client confidentiality is through strict data isolation. Unlike some generative tools that blend training data from multiple users, Dasseti’s Sidekick AI never crosses those boundaries.
| “Dasseti does not learn from client data across tenants. Each client's data remains strictly siloed, ensuring we're never sharing or using client data to train models.” |
This approach protects sensitive content and builds confidence that what Sidekick suggests is grounded in each client’s approved materials.
In an increasingly fragmented regulatory landscape, firms must ensure their AI partners are prepared to meet regional data laws like GDPR, CCPA, and others. Dasseti’s platform and AI tools are designed with these in mind.
| “Dasseti's AI tools are designed with compliance in mind for regulations such as GDPR and CCPA, as well as other regional requirements. We carry out an annual privacy risk assessment process, both of our organization and the vendors we use to ensure we're consistently aligned to privacy legislation globally.” |
Dasseti also supports regional data residency with multi-tenant platforms in North America and Europe, helping global clients meet their data sovereignty requirements.
Behind the scenes, Sidekick AI is integrated into a robust, scalable cloud architecture with flexibility for clients who want to connect their own enterprise systems.
| “We utilize top-tier cloud providers for our infrastructure, both AWS and Azure, arranged to be in a fault-tolerant and scalable architecture. We’re designed to be integrated with enterprise IT... with native integrations, a REST API, and single sign-on capabilities.” |
That same architecture powers not just AI features, but real-time analytics, document extraction, and automated workflows across Dasseti’s platform.
As AI capabilities expand, Dasseti’s approach remains clear: put security, transparency, and compliance first. It’s this mindset that gives clients confidence, from institutional allocators to GPs and service providers.
| “We are operating at the highest security standards, but we're always monitoring the threat landscape to ensure we're adapting, changing, and evolving our security posture to meet any new security changes as they arise.” |
Read more about Dasseti's security and data privacy policies