Data Ownership, Information Security and Third Party Risk Management
We work with some of the largest global investment banks, handling their private and confidential information. We maintain a state of the art information and cyber security posture and have all the controls and documentation in place to not only give peace of mind to our customers, but also to minimise the administrative friction in the onboarding process.
We can provide externally verified mappings of our security controls for the most important global standards, including ISO 27001, NIST 800.53, MITRE ATT&CK Framework CR.31 and of course GDPR.
We have satisfied the vendor onboarding processes of some of the leading investment banks and are externally certified by FSQS and CyberGRX via evidence-validated assessments. CyberGRX scored us within the top 1% of companies in the Software & Technology industry in their external assessment of our enterprise security programme.
ISO/IEO 27001 Compliance
We operate a comprehensive and fully implemented Information Security Management System in compliance with ISO/IEC 27001 standards
Customer Data Ownership
Customers retain full ownership and control of all proprietary data processed through our platform. We will never share or sell customer data
External Penetration Tests
We undergo regular, external penetration tests of our applications and infrastructure by a leading cybersecurity services firm
Cloud Security & Encryption
Our data and infrastructure is maintained securely within Microsoft Azure. Any sensitive data is encrypted in transit and at rest
Vulnerability Disclosure Policy
Thank you for helping us maintain the security of our platform.
If you discover a security vulnerability, please follow these guidelines that form part of our ISO compliance programme:
Contact: Please report vulnerabilities to our team via the contact form on this site.
Information to Include: When reporting a vulnerability, please provide a detailed description along with any steps necessary to reproduce it.
Expectations: Upon receiving your report, we will acknowledge it within 3 business days. Our team will investigate and, if validated, will work to fix the issue promptly. We will keep you informed of the progress.
Scope:
In-scope: Any vulnerability that impacts the security or integrity of our platform.
Out-of-scope: Any actions that could harm or disrupt our services, including but not limited to DDoS attacks, social engineering attacks, or physical attacks.