Last Updated: 23 Oct 2025

1. Purpose and Commitment

At Neobank Capital, we place the security, integrity, and confidentiality of our clients’ data and transactions at the core of our operations.

This Security Policy outlines the principles, technologies, and procedures that govern how we protect the information entrusted to us through our digital platforms and infrastructure.

Our mission is to ensure a safe, resilient, and compliant financial technology environment that operates with full transparency and industry-leading cybersecurity standards.


2. Scope

This policy applies to:

  1. All users of Neobank Capital’s web and mobile platforms;
  2. All systems, networks, and databases under our control;
  3. All employees, contractors, and third-party service providers with access to our systems;
  4. All personal, financial, and transactional data processed through Neobank Capital and its affiliated platforms (including PRS ONE Connect).

3. Security Governance

Neobank Capital maintains an internal Information Security Management System (ISMS) aligned with ISO 27001 and NIST Cybersecurity Framework (CSF) best practices.

Key security oversight functions include:

  1. Chief Information Security Officer (CISO) overseeing all data protection and threat mitigation strategies;
  2. Quarterly security audits and annual third-party penetration testing;
  3. Incident Response Committee responsible for real-time monitoring, escalation, and mitigation;
  4. Regular compliance reviews with applicable data protection and fintech security standards.

4. Data Protection Principles

We adhere to the following core principles when handling user data:

  1. Confidentiality: Only authorized personnel can access client or transaction data.
  2. Integrity: Data accuracy and completeness are ensured through checksums, validation rules, and monitoring systems.
  3. Availability: Our systems are designed for high uptime and disaster recovery readiness.
  4. Transparency: Users are informed about how their data is processed and protected.
  5. Compliance: We comply with GDPR, CCPA, and other relevant international data protection laws.

5. Infrastructure Security

Our systems are hosted on secure, redundant cloud environments with global data center distribution to ensure uptime, continuity, and scalability.

Key infrastructure protections include:

  1. Encryption in Transit & at Rest: All data exchanges are encrypted using TLS 1.3 and AES-256 standards.
  2. Zero Trust Network Architecture: Continuous verification of user and device identity.
  3. Multi-Factor Authentication (MFA): Required for both internal and external access.
  4. Firewall and Intrusion Detection Systems (IDS): Monitored 24/7 by automated systems.
  5. DDoS Protection: Layered mitigation against distributed attacks via Cloudflare and internal security partners.
  6. Network Segmentation: Isolates sensitive systems and reduces lateral threat movement.

6. Application Security

All software developed or integrated by Neobank Capital undergoes a Secure Software Development Lifecycle (SSDLC) process including:

  1. Code reviews and static/dynamic analysis;
  2. Penetration testing before each major release;
  3. OWASP Top 10 compliance for web and mobile applications;
  4. Regular dependency audits to identify and patch vulnerabilities.

We actively collaborate with our development partners to enforce consistent security practices and rapid patching of any discovered vulnerabilities.


7. User Account Protection

To safeguard user access and privacy:

  1. Passwords are stored using bcrypt or stronger hashing algorithms.
  2. Two-Factor Authentication (2FA) is required for sensitive actions.
  3. Session timeouts automatically log users out after inactivity.
  4. Device fingerprinting and anomaly detection identify suspicious login attempts.
  5. Login notifications are sent for every new session from an unrecognized device or location.

Users are encouraged to maintain secure passwords and avoid sharing login credentials with others.


8. Transaction and Financial Security

Although Neobank Capital provides decentralized financial technology services, we do not directly hold or control client funds.

All money movement and custodial services are processed through regulated third-party partners, who are independently compliant with:

  1. Financial Action Task Force (FATF) standards,
  2. Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations,
  3. Payment Card Industry Data Security Standard (PCI DSS).

All transaction data is cryptographically secured and verified through blockchain or distributed ledger integrations where applicable.


9. Monitoring, Detection & Incident Response

Neobank Capital maintains a 24/7 threat monitoring and alerting system to detect, analyze, and respond to security events.

Our Incident Response Plan includes:

  1. Immediate containment and isolation of affected systems;
  2. Root cause analysis and corrective actions;
  3. Notification to affected users and regulators (where required);
  4. Continuous post-incident review and improvements.

All incidents are documented and reviewed by the CISO and relevant compliance officers.


10. Third-Party and Vendor Security

We only partner with third-party service providers that meet strict security and compliance criteria.

Each provider undergoes:

  1. A security risk assessment before onboarding;
  2. Ongoing annual review of certifications and data handling procedures;
  3. Data Processing Agreements (DPAs) to ensure GDPR and CCPA compliance.

Neobank Capital assumes no responsibility for security lapses beyond our control within external systems, but we take all reasonable measures to ensure partners maintain comparable safeguards.


11. Business Continuity & Disaster Recovery

We maintain robust continuity and recovery plans to minimize service disruption.

Our systems are backed by:

  1. Daily data backups stored in multiple geographic regions;
  2. Automated failover and redundant systems;
  3. Disaster recovery tests conducted semi-annually;
  4. A target Recovery Time Objective (RTO) of under 4 hours and Recovery Point Objective (RPO) of under 1 hour.

12. User Responsibilities

While we maintain strong platform-level security, users also play a vital role:

  1. Use complex, unique passwords.
  2. Enable 2FA on your account.
  3. Keep your devices secure and up to date.
  4. Report suspicious activity immediately to security@neobank.capital.

13. Continuous Improvement

Cybersecurity is a dynamic field. Neobank Capital continually enhances its controls and infrastructure through:

  1. Regular penetration testing;
  2. Staff training and awareness programs;
  3. Engagement with independent cybersecurity firms;
  4. Bug bounty and vulnerability disclosure programs.

14. Contact Us

If you believe your account or data may have been compromised, or if you wish to report a vulnerability, please contact our security team immediately:

Security & Compliance Department

Neobank Capital / PRS ONE Financial Corp

Email: security@neobank.capital

Website: https://legal.neobank.capital


15. Policy Updates

We may revise this Security Policy from time to time to reflect technology updates, new regulations, or improved practices.

All updates will be posted on our website with a revised effective date.

...