Legal

Information Security Policy

Technical and organisational measures EVOLVE implements to protect the platform and user information.

Last updated: June 2026

1. Security Pillars

EVOLVE adopts a layered security approach based on the following fundamental pillars, in accordance with Article 32 of the GDPR and the Estonian Cybersecurity Act:

  • Confidentiality: data is accessible only to authorised persons.
  • Integrity: data is kept complete and free from unauthorised alterations.
  • Availability: systems and data are available when needed.
  • Resilience: the platform maintains the capacity to operate in the event of technical or security incidents.

2. Security through Scope Limitation

EVOLVE operates under a minimal attack surface model: it does not hold funds, does not manage financial assets and does not process transactions on behalf of the user. This structural limitation of service scope inherently reduces the risk of exposure of critical data.

  • No fund custody: no user financial capital is stored or managed.
  • No bank account access: the platform does not conduct banking operations.
  • No financial credentials: EVOLVE does not request users' financial institution passwords.
  • Least privilege principle: data access is limited to the minimum necessary.

3. Availability and Operational Resilience

EVOLVE implements high availability and service continuity measures through:

  • Cloud infrastructure with geographic redundancy.
  • Disaster recovery and business continuity plans.
  • Continuous systems and infrastructure monitoring.
  • Data backup and restoration procedures.
  • Regular testing of resilience mechanisms.

4. Data Integrity and Protection

Protection of personal data and platform information is ensured through:

  • Encryption of data in transit using TLS 1.3.
  • Encryption of data at rest using AES-256.
  • Role-based access controls and multi-factor authentication.
  • Logical separation of environments (production, development, testing).
  • Secure data lifecycle management.

5. Security Incident Management

EVOLVE has a security incident management procedure in accordance with GDPR requirements and the NIS2 Directive:

  • Detection and classification of incidents using automated systems.
  • Notification to competent authorities within legally established timeframes (maximum 72 hours for incidents affecting personal data).
  • Communication to affected users where required by regulation.
  • Post-incident analysis and adoption of corrective measures.

6. User Responsibility

Platform security is a shared responsibility. Users must:

  • Keep their access credentials confidential.
  • Not share their password with third parties.
  • Notify EVOLVE immediately upon any suspicion of unauthorised access to their account.
  • Use secure devices and networks to access the platform.
  • Keep software and operating systems on their devices up to date.

7. Continuous Improvement

EVOLVE periodically reviews and updates its security measures through:

  • Regular vulnerability assessments and penetration testing.
  • Internal and external security audits.
  • Continuous staff security training.
  • Monitoring of regulatory developments and the threat landscape.
  • Regular updates to policies, procedures and systems.

8. Vulnerability Reporting

If you detect a security vulnerability in the EVOLVE platform, we encourage you to report it responsibly via admin@evolve.market. EVOLVE undertakes to acknowledge reports within a reasonable timeframe and to diligently assess and resolve reported vulnerabilities.

Humman Finance Marketplace OÜ Email: admin@evolve.market Security incidents: admin@evolve.market

Start exploring with vision

Create your account and access curated financial opportunities.

Create free account