Security Audits

1. Purpose and Security Philosophy

Security audits are a foundational component of our governance and risk management framework. They exist to validate that our technical controls, operational processes, and compliance measures are functioning as designed and evolving in line with emerging threats.

We approach security as a continuous discipline rather than a one-time certification. Audits are used not only to verify compliance, but to actively improve resilience, detect systemic weaknesses, and reinforce trust across our ecosystem.

2. Audit Scope and Coverage

Security audits are conducted across all material layers of the platform, including infrastructure, applications, and operational controls.

Audit coverage may include:

• Network architecture and segmentation

• Application security and code integrity

• Identity and access management controls

• Data protection, encryption, and key management

• Incident response and disaster recovery readiness

• Vendor and third-party risk controls

The scope of each audit is determined based on risk profiles, regulatory obligations, and system changes.

3. Managing Cookies Through Your Browser

In addition to platform-level controls, most browsers allow you to manage cookies directly.

You may:

• Block or delete cookies

• Receive alerts before cookies are stored

• Configure per-site cookie rules

Please note that disabling all cookies at the browser level may impact functionality, security, or accessibility of the platform.

4. Audit Frequency and Triggers

Security audits are performed on both a scheduled and event-driven basis.

Audits may be initiated:

1. On a recurring, risk-based schedule

2. Following significant system changes or deployments

3. In response to emerging threats or incidents

4. When required by regulatory or contractual obligations

This ensures audit coverage remains aligned with the platform’s evolving risk landscape.

5. Vulnerability Management and Remediation

Cookie-derived data is:

• Stored securely

• Retained only for defined operational periods

• Accessed exclusively by authorized systems

Retention durations vary by cookie category and purpose and are aligned with legal and operational requirements.

6. Transparency and Disclosure

While full audit reports may contain sensitive or confidential information, we are committed to meaningful transparency.

Accordingly:

• High-level assurance statements may be made available to users or partners

• Regulatory disclosures are provided where legally required

• Material security issues are communicated in accordance with applicable laws

We do not disclose sensitive details that could compromise platform security.