Cybersecurity & Information Security Policy

Effective Date: February 18, 2026  
Last Updated: February 18, 2026

This Cybersecurity & Information Security Policy describes AlgoPear's cybersecurity and information security program at a high level. It is intended to communicate the principles and controls we use to protect the confidentiality, integrity, and availability of systems and data supporting the AlgoPear Services.

1. Scope

This policy applies to:
- Corporate systems and endpoints
- Cloud and production environments used to operate the Services
- Data processed in connection with the Services on behalf of financial institution partners
- Personnel, contractors, and service providers with access to covered systems or data, as applicable

2. Security Governance

AlgoPear maintains a risk-based approach to information security designed to support secure product development, operational resilience, and protection of customer and partner data. Security responsibilities are assigned internally and reviewed as the company, systems, and risk profile evolve.

3. Data Classification and Handling

AlgoPear applies reasonable measures to classify and handle data according to its sensitivity and business purpose.

High-level principles include:
- Limiting access to sensitive data based on business need
- Restricting the collection and retention of data to what is reasonably necessary for service delivery, legal, security, and operational purposes
- Using appropriate safeguards for the storage, transmission, and disposal of sensitive information
- Requiring personnel with access to confidential information to follow internal security and confidentiality requirements

4. Access Control and Privileged Access Management

AlgoPear maintains access controls intended to ensure that access to systems and data is limited to authorized users with a legitimate business need.

High-level controls include:
- Role-based or need-to-know access principles where practical
- Least privilege access for production systems and administrative functions
- Multi-factor authentication for critical systems and administrative access where supported
- Processes for provisioning, modifying, and revoking access
- Review and restriction of privileged or elevated access
- Logging and monitoring of administrative or sensitive access activity where appropriate

5. Encryption of Data at Rest and in Transit

AlgoPear uses industry-standard safeguards to protect data in transit and at rest where supported by our systems and service providers.

High-level controls include:
- Encryption in transit using TLS or equivalent secure transport methods
- Encryption at rest for supported cloud storage, databases, and service environments
- Secure handling of credentials, secrets, and authentication materials
- Use of trusted providers and configurations designed to reduce exposure of sensitive data

6. Vulnerability Management and Patch Management

AlgoPear maintains processes intended to identify, evaluate, prioritize, and remediate security vulnerabilities affecting company-managed systems and software.

High-level controls include:
- Routine patching of operating systems, applications, libraries, and dependencies based on risk and operational priority
- Monitoring for known vulnerabilities in infrastructure and software components
- Review and remediation of critical and high-risk issues within a reasonable timeframe
- Use of secure development and deployment practices, including code review and change controls where practical
- Endpoint protection and system hardening measures where appropriate

7. Incident Response and Disaster Recovery

AlgoPear maintains processes to detect, respond to, and recover from security incidents and operational disruptions.

High-level controls include:
- Procedures for incident identification, triage, containment, investigation, remediation, and recovery
- Escalation paths for security and availability events
- Logging, monitoring, and alerting to support detection and response
- Backup and recovery measures for critical systems where supported
- Periodic review of response and recovery practices, including post-incident review where appropriate

8. Physical Security

AlgoPear uses physical security measures appropriate to the nature of the environments in which systems and data are handled.

High-level controls may include:
- Use of reputable cloud infrastructure providers with managed physical security controls for hosted production environments
- Restricted physical access to company-managed devices and work areas
- Device protections such as screen locking, authentication controls, and secure device handling practices

Where production environments are hosted by third-party cloud providers, physical security controls are generally managed by those providers.

9. Vendor Risk Management

AlgoPear evaluates key third-party vendors and service providers that may store, process, transmit, or otherwise access sensitive company or customer data.

High-level controls include:
- Risk-based review of vendors before or during onboarding, as appropriate
- Consideration of the vendor's security posture, data practices, and contractual protections
- Limiting vendor access to the minimum necessary to provide services
- Ongoing review of critical vendors on a reasonable cadence based on risk

10. Workforce Security and Awareness

AlgoPear expects personnel with access to company systems or sensitive information to follow internal security expectations and confidentiality obligations.

High-level controls may include:
- Security awareness and training appropriate to role and risk
- Confidentiality obligations
- Access revocation procedures upon role change or separation
- Reporting expectations for suspicious activity, policy concerns, and security incidents

11. Secure Development and Monitoring

AlgoPear incorporates security considerations into the development and operation of its Services.

High-level controls may include:
- Code review and change management practices
- Separation of development and production access where practical
- Centralized logging, monitoring, and alerting for key systems
- Review of dependencies and updates as part of the software lifecycle
- Ongoing efforts to improve resilience, reliability, and security posture

12. Policy Updates

AlgoPear may update this policy from time to time to reflect changes in its business, technology, service providers, legal requirements, or security practices. The most current version will be posted on this page and reflected by the "Last Updated" date above.

13. Contact

Security and privacy inquiries may be sent to:

AlgoPear, Corp.
Attn: Security
Email: support@algopear.com