Cyber Security Policy

1 Introduction

1.1 Background

This Security Policy has been established for NordicAnalytics ApS (“Tradervoice”).

1.2 Purpose and objective

The purpose of this policy is to establish guidance and general principles for security at Tradervoice, as well as to establish the direction with regards to security objectives. If any other guiding security documents are in conflict with this policy, the Security Policy shall have precedence. The overall objective with Tradervoice security is to enable business strategy, through the realization of the following strategic security objectives:

  • Ensure secure API authentication and authorization mechanisms to protect user data and prevent unauthorized access.
  • Customers' perception of their online security when interacting with Tradervoice is of the highest security standard.
  • Innovation and significant revenue streams are identified and protected with trust by design and adequate resources.
  • Tradervoice aims to align with relevant regulatory compliance and risk management practices in its operating markets.
  • Embracing simplicity in security to improve understanding, encourage ownership, and promote inclusion.

In order to achieve the strategic objectives above, Tradervoice shall:

  • Enable the right conditions for business strategies to be realized by being forward leaning and continuously improving security management.
  • Maintain and strengthen the security level with easy-to-use methods and straight to the point measures to protect Tradervoice and our customers.
  • Openly communicate and strive to include all employees to iteratively improve security.

1.3 Regulatory basis

This policy has been established with consideration of the General Data Protection Regulation (EU) 2016/679 (GDPR) to ensure the protection of personal data and secure handling of information.

2 Definitions

  • Security – Security in the Tradervoice context concerns the safeguarding of Tradervoice company assets. Company assets include the people, facilities, equipment, information, IT systems and other assets necessary for conducting our business.
  • Information security – Information security means the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide:
    1. Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information;
    2. Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; and
  • Cybersecurity – Cybersecurity is defined as the prevention of damage to, unauthorized use of, exploitation of, and—if needed—the restoration of electronic information and communications systems, and the information they contain, to strengthen the confidentiality, integrity and availability of these systems.

3 Guiding principles

The following are Tradervoice's fundamental guiding security principles:

  1. The management shall decide on the strategic security objectives, the security risk appetite and ensure that the organization has the necessary means to achieve the security objectives.
  2. A Head of Security shall be appointed where feasible to oversee security efforts and maintain platform trust.
  3. The Risk Owners shall be responsible for managing their security risks with support from the Tradervoice organization.
  4. Tradervoice shall adopt and implement a tailored security management system, built on proven standards, that enables a systematic approach to security.
  5. Tradervoice aims to follow industry best practices for API security and continuously improve its authentication and data protection mechanisms, including:
    1. OAuth 2.0 authentication and authorization to secure access to customer accounts.
    2. Role-based access control (RBAC) to limit permissions and prevent excessive privilege escalation.
    3. Encryption of API communication (TLS 1.2/1.3) to ensure data integrity and confidentiality.
    4. Rate limiting and monitoring to detect and prevent abuse, such as API scraping or brute-force attacks.
    5. Logging and alerting for suspicious API activity to detect unauthorized attempts.
  6. The Head of Security strives to conduct a yearly review of Tradervoice’s security system.
  7. Tradervoice strives to integrate security throughout its operations, ensuring proportional security measures are applied where necessary.
  8. Tradervoice shall determine the value of information assets in relation to assessed risks in order to implement proportional measures.
  9. Risk assessments and security reviews shall be conducted as needed, based on operational priorities and available resources, to identify and mitigate potential risks while improving overall security posture.
  10. Security shall be considered in all parts of the organization and phases of projects, such as, but not limited to:
    1. A strong security and risk awareness culture where all personnel are responsible for prescribed security measures,
    2. Evaluations and controls of security measures and risks, procedures for the testing, assessment and evaluation of the effectiveness of the security measures.

4 Communication and trainings

The Head of Security shall promote security awareness among employees at all levels and long-term in-house consultants.