Security and privacy at ObieTech

Access to ObieTech systems and customer data is strictly controlled using the principle of least privilege.

Security controls include:

• Role-based access controls
• Multi-factor authentication for administrative access
• Secure identity and authentication management

These controls ensure only authorised personnel can access systems necessary to perform their responsibilities.

Security and trust are fundamental to the ObieTech platform. We design our systems, infrastructure, and processes to protect financial data, maintain platform integrity, and support our customers in meeting high security and compliance expectations. Our security program combines secure architecture, strict access controls, continuous monitoring, and independent verification through recognised industry standards.

Security governance is embedded into our organisation through defined responsibilities, security training, and regular risk assessments to ensure our systems and processes remain resilient as the platform evolves. We continuously monitor compliance with these controls and provide independent assurance of our security and operational practices through third-party audits. Our SOC 2 progress is available on our Trust Centre.

All ObieTech datastores containing customer data are encrypted at rest, including databases and object storage services such as S3.

Sensitive information is further protected with field-level encryption, ensuring that highly sensitive data elements are encrypted before they are written to the database. This layered encryption model provides an additional safeguard so neither direct access to the underlying infrastructure nor logical database access is sufficient to expose protected information.

All data transmitted between users, applications, and internal services is encrypted using modern transport encryption protocols such as Transport Layer Security (TLS).

This ensures that sensitive information remains protected while moving between:

• User devices and the ObieTech platform
• Internal services within the platform architecture
• External integrations and partner systems

Transport encryption prevents interception or tampering of data while it is being transmitted across networks.

ObieTech uses secure key management practices to control the lifecycle of encryption keys used to protect customer data.

Encryption keys are securely generated, stored, and managed using dedicated key management services. Access to encryption keys is tightly restricted through role-based access controls and strong authentication requirements.

These controls ensure encryption keys remain protected and that access to encrypted data is strictly controlled.

ObieTech incorporates security into every stage of the software development lifecycle.

• Secure architecture and design reviews
• Peer code reviews prior to production deployment
• Security testing integrated into development workflows
• Controlled release and deployment processes
• Ongoing review and improvement of security practices

These practices help ensure that potential vulnerabilities are identified and addressed before software is deployed to production environments.

The ObieTech platform is designed using modern application security principles to protect against common web application vulnerabilities.

Security controls are implemented to mitigate risks such as:

• Injection attacks
• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF)
• Authentication and session management vulnerabilities
• Improper access controls

Application security protections are regularly reviewed and improved as part of our ongoing security program.

ObieTech designs and operates its platform to provide reliable, resilient access to financial data and services. Our infrastructure and operational processes are built to support high availability, fault tolerance, and rapid recovery from unexpected events.

We continuously monitor platform performance and system health to ensure the platform remains stable, secure, and available to customers.