Platform Security, Regulation, Compliance, Audit & Insurance Framework

The platform maintains or plans to maintain the following standards and protocols.

1. Platform Security

1.1 Data & Infrastructure Security

  • Cloud-hosted infrastructure using ISO 27001 / SOC 2–aligned providers
  • End-to-end encryption (TLS 1.2+) for data in transit
  • Encrypted databases for data at rest (AES-256)
  • Role-based access control (RBAC) for staff, partners, and users
  • Multi-factor authentication (MFA) for admin and financial accounts

1.2 Application Security

  • Secure API architecture with rate limiting and monitoring
  • Regular vulnerability scanning and penetration testing
  • Secure onboarding and verification workflows for businesses
  • Protection against DDoS attacks, SQL injection, cross-site scripting (XSS), and credential stuffing

1.3 Data Privacy & Ownership

  • Users retain ownership of their business and transaction data
  • Data is never sold to third parties
  • Strict internal access logging and monitoring
  • Automated backups and disaster recovery protocols

2. Regulatory Framework

2.1 Jurisdictional Scope

The platform is designed to operate in compliance with:

  • Canada
  • United States
  • EU (where applicable)
  • Africa & Asia (trade-related use cases)

Local regulatory compliance applies based on user location and transaction type.

2.2 Key Regulatory Areas Covered

  • Trade & export regulations
  • Financial facilitation (non-custodial)
  • Business verification
  • Anti-fraud and sanctions screening
  • Data protection and privacy laws

3. Compliance Program

3.1 Business & User Compliance

Mandatory KYC / KYB verification for:

  • Sellers
  • Buyers
  • Financial partners
  • Logistics providers

Sanctions screening against:

  • OFAC
  • UN sanctions lists
  • Canadian sanctions regime

3.2 Data Protection Compliance

  • PIPEDA (Canada)
  • GDPR (EU users)
  • CCPA-aligned principles (US users)

Key practices:

  • Explicit user consent
  • Data minimization
  • Right to access and deletion
  • Breach notification procedures

3.3 Financial & Trade Compliance

  • Platform operates as a connector, not a bank or custodian
  • Payments, financing, and insurance are handled by licensed partners
  • No custody of user funds
  • AML policies aligned with FINTRAC standards (where applicable)

4. Audit & Risk Management

4.1 Internal Controls

  • Segregation of duties between platform operations and financial processes
  • Partner onboarding verification
  • Continuous monitoring of high-risk activities
  • Automated alerts for suspicious behavior

4.2 Audit Readiness

  • Annual internal compliance review
  • Third-party audits as required by financial partners, institutional investors, and government programs
  • Full audit trails for user onboarding, transactions, and partner referrals

4.3 Incident Management

  • Formal incident response plan
  • 24–72 hour breach assessment window
  • Transparent communication with affected users and partners

5. Insurance Coverage

5.1 Core Platform Insurance

The platform maintains or plans to maintain:

  • Cyber Liability Insurance
  • Professional Liability (Errors & Omissions)
  • Directors & Officers (D&O) Insurance
  • General Commercial Liability

5.2 Partner & Transaction Insurance

  • Trade credit insurance facilitated via licensed insurers
  • Cargo and shipment insurance via logistics partners
  • Political risk and export insurance (where applicable)
  • No insurance underwriting conducted directly by the platform

6. Governance & Accountability

6.1 Governance Structure

  • Executive oversight for compliance and risk
  • Advisory relationships with legal counsel, trade finance experts, and regulatory advisors

6.2 Transparency

  • Clear Terms of Service & Privacy Policy
  • Disclosures on platform role, limitations of liability, and partner responsibilities
  • User education on compliance obligations

7. Continuous Improvement

  • Regular policy updates based on regulatory changes, market expansion, and partner requirements
  • Ongoing staff training on security and compliance
  • Feedback loop with institutional partners and regulators