Data Ownership, Information Security and Third Party Risk Management

We work with some of the largest global investment banks, handling their private and confidential information. We maintain a state of the art information and cyber security posture.

We maintain an external ISO/IEC 27001:2022 certification by Prescient Security LLC and can provide externally verified mappings of our security controls for global standards.

Externally certified by FSQS and ProcessUnity. Scored within the top 1% of companies in the Software & Technology industry in their external assessment of our security programme.

ISO/IEC 27001 Certification

We maintain a state of the art Information Security Management System and an external ISO/IEC 27001:2022 certification by Prescient Security (a CREST certified global top 20 cyber security company).

Customer Data Ownership

Customers retain full ownership and control of all proprietary data processed through our platform. We will never share or sell customer data.

External Penetration Tests

We undergo regular, external penetration tests of our applications and infrastructure by a leading cybersecurity services firm.

Cloud Security & Encryption

Our data and infrastructure is maintained securely within Microsoft Azure. Any sensitive data is encrypted in transit and at rest.

Vulnerability Disclosure Policy

Thank you for helping us maintain the security of our platform. If you discover a security vulnerability, please follow these guidelines that form part of our ISO compliance programme:

Contact:Please report vulnerabilities to our team via the contact form on this site.
Information to Include:When reporting a vulnerability, please provide a detailed description along with any steps necessary to reproduce it.
Expectations:Upon receiving your report, we will acknowledge it within 3 business days. Our team will investigate and, if validated, will work to fix the issue promptly. We will keep you informed of the progress.
Scope:
- •In-scope: Any vulnerability that impacts the security or integrity of our platform.
- •Out-of-scope: Any actions that could harm or disrupt our services, including but not limited to DDoS attacks, social engineering attacks, or physical attacks.