Data Ownership, Information Security and Third Party Risk Management
We work with some of the largest global investment banks, handling their private and confidential information. We maintain a state of the art information and cyber security posture and have all the controls and documentation in place to not only give peace of mind to our customers, but also to minimise the administrative friction in the onboarding process.
We maintain an external ISO/IEC 27001:2022 certification by Prescient Security LLC (a CREST certified global top 20 cyber security company) and can provide externally verified mappings of our security controls for the most important global standards.
We have satisfied the vendor onboarding processes of some of the leading investment banks and are externally certified by FSQS and CyberGRX via evidence-validated assessments. CyberGRX scored us within the top 1% of companies in the Software & Technology industry in their external assessment of our enterprise security programme.
ISO/IEC 27001 Certification
We maintain a state of the art Information Security Management System ad an external ISO/IEC 27001:2022 certification by Prescient Security (a CREST certified global top 20 cyber security company)
Customer Data Ownership
Customers retain full ownership and control of all proprietary data processed through our platform. We will never share or sell customer data
External Penetration Tests
We undergo regular, external penetration tests of our applications and infrastructure by a leading cybersecurity services firm
Cloud Security & Encryption
Our data and infrastructure is maintained securely within Microsoft Azure. Any sensitive data is encrypted in transit and at rest
Vulnerability Disclosure Policy
Thank you for helping us maintain the security of our platform.
If you discover a security vulnerability, please follow these guidelines that form part of our ISO compliance programme:
Contact: Please report vulnerabilities to our team via the contact form on this site.
Information to Include: When reporting a vulnerability, please provide a detailed description along with any steps necessary to reproduce it.
Expectations: Upon receiving your report, we will acknowledge it within 3 business days. Our team will investigate and, if validated, will work to fix the issue promptly. We will keep you informed of the progress.
Scope:
In-scope: Any vulnerability that impacts the security or integrity of our platform.
Out-of-scope: Any actions that could harm or disrupt our services, including but not limited to DDoS attacks, social engineering attacks, or physical attacks.