Security Policy

Security Policy


Deploying More Capital is committed to maintaining robust security policies and practices to ensure compliance with applicable laws, regulations, and contractual obligations. Our focus is on safeguarding the confidentiality, integrity, and availability of data, reinforcing the trust of those who engage with our services.


Our security policies extend to all employees (full or part-time), interns, and contractors. These policies, approved by the leadership committee, undergo annual reviews. Covering various aspects such as change management, third-party vendors, acceptable use, and risk management, these policies form the backbone of our security framework.

Authentication and Authorization

All user accounts mandate complex passwords (minimum of 10 characters) and Multi-Factor Authentication (MFA). Access to resources follows the principle of least privilege, with permissions granted through a change management process. Unnecessary access is promptly revoked.


New hires undergo initial security training, while all employees receive monthly security micro-trainings on rotating topics. Regular educational phishing simulations help reinforce awareness. Additional trainings are conducted as needed, ensuring a proactive approach to security education.


Testing and production environments remain logically separated, with corporate users having no access to either. Each boundary is protected by firewalls limiting ports and services to essential functions. Access to different environments is strictly based on business necessity.

Change Management

A comprehensive change management process governs all alterations to production and sensitive access grants. The process enforces separation of duties and includes a review of all requests, regardless of approval status. An emergency process for urgent after-hour changes is also in place.

Email Security

An email firewall scans for malware in attachments and blocks suspicious emails. The email server negotiates encryption with the sender’s server, if supported. Employees can report phishing emails with a designated “report phishing” button.

Vulnerability Scanning

Monthly scans of the production infrastructure identify vulnerabilities, which are addressed based on criticality level.


Data classified as confidential or above is encrypted at rest (AES-256) and in transit (TLS 1.2 or above).

Vendor Management

Vendors handling confidential or above data undergo a risk evaluation by our Security Team. Vendor security postures, terms of service, and privacy practices are thoroughly assessed.

Bug Bounty Rules of Engagement

Deploying More Capital encourages security researchers to enhance our security posture through ethical testing. The bug bounty program focuses on specific domains and vulnerabilities, with clear guidelines on allowed and disallowed activities.

Allowed Activities

  1. Scoped domains limited to
  2. Vulnerabilities within the bug bounty program’s scope, including server-side flaws, authentication flaws, cross-site scripting, cross-site request forgery, directory traversal, misconfigurations, and insecure cipher suites.

Prohibited Activities

  1. Privacy violations, performance degradation, or data modification/destruction.
  2. Unauthorized access to internal systems.
  3. Repeated network requests for DDoS or rate limiting testing.
  4. Social engineering attempts.
  5. Testing from countries on the US sanctions list.
  6. Vulnerability disclosure to third parties.

Non-Payment Cases

  1. Non-security related bugs.
  2. Vulnerabilities outside the scoped websites.
  3. Vulnerabilities in third parties or known vulnerabilities.
  4. Bugs that require employee interaction.
  5. Nuisance exploits not posing a security risk.

Payment Process

Receipt confirmation within one business day, followed by a 5-business-day validation period. Payments issued once the vulnerability is closed and confirmed by the reporter or within 30 days, whichever comes first.

Payment Range

Between $50 and $1,000, depending on the severity of the vulnerability.

Submission Requirements

  1. Reproducible vulnerabilities with clear and complete steps.
  2. Single vulnerability per report, including a detailed summary, description, proposed severity, steps to reproduce, browser info, affected URLs, console logs, and screenshots.
  3. Limited vulnerability scanning to a maximum of 5 requests per second.
  4. Full name, country of residence, and security credentials summary required.

Legal Notice

Restrictions on issuing rewards to individuals on sanctions lists or residing in specific countries. Individuals are responsible for tax implications. The program is experimental, subject to cancellation at any time, with reward decisions entirely at our discretion.

Ethical Testing Guidelines

Testing must not violate any laws or compromise data not owned by the tester. No conflicts of interest are tolerated, with rewards withheld for employees of Deploying More Capital companies.

Deploying More Capital is committed to maintaining the highest standards of security, continuously evolving our practices to meet emerging threats. We invite ethical security researchers to collaborate with us in creating a safer digital landscape.

Stay in the know with Deploying More Capital!

Subscribe to receive the latest in blockchain and crypto delivered directly to your inbox.

Join our community for exclusive updates, market analyses, and expert insights.

Don't miss out on the future of finance – subscribe today and embark on a journey of discovery.

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

Deploying More Capital will use the information you provide on this form to be in touch with you and to provide updates and marketing.