Security
Maverick recognizes the paramount importance of data security and the fiduciary trust placed in us by our clients to
safeguard their sensitive information. In safeguarding your financial data, we rely on a comprehensive suite of managed
services, each rigorously vetted and demonstrably adhering to the highest industry security standards and established
protocols. This document comprehensively outlines our robust security measures and the accompanying certifications
attained by the integrated services, all in the ongoing pursuit of guaranteeing the most comprehensive data protection
for our valued clientele.
Maverick - All our managed services are SOC II-compliant.
Maverick Security Practices
Maverick ensures data security through the following measures:
Network Segmentation:
To enhance security, Maverick maintains its web servers and databases on separate network segments. This segregation
restricts lateral movement within the infrastructure, further safeguarding client data.
Data Retention:
Maverick respects the right to data erasure. Client data is securely deleted upon request or automatically following the
termination of subscription services. Retention periods may be subject to applicable legal or regulatory requirements.
Data Encryption:
All data transmitted through Maverick's REST API is protected by Transport Layer Security (TLS), ensuring confidentiality and
integrity during transmission.
Encryption Protocols:
Maverick prioritises data security by utilising industry-standard encryption protocols such as TLS. These protocols provide
robust safeguards against unauthorised access and data breaches.
Cloud & Managed Infrastructure:
Maverick leverages Amazon Web Services (AWS) cloud infrastructure. Benefitting from years of collective security expertise
and continuous security enhancements, AWS provides a highly secure and reliable platform for Maverick's operations.
Access Control:
Stringent access controls are implemented to limit data access to authorized Maverick personnel only. This mitigates the risk of unauthorized access and data mishandling.
Real-time Surveillance:
Maverick deploys continuous system monitoring, generating immediate alerts for any suspicious activity. This proactive
approach enables prompt response to potential security threats, minimizing potential damage.
Comprehensive Logging:
Detailed logs of all API calls are maintained, facilitating tracing and auditing of system activity. These logs serve as a valuable
resource for security analysis and investigation, enhancing forensic capabilities and incident response.
Launch and SOC II Compliance:
Maverick is committed to data security and operational excellence. We are actively pursuing Service Organisation Control 2
(SOC 2) compliance, targeted for completion in Q3 2024. Achieving SOC 2 certification will further demonstrate our commitment to robust security controls and data confidentiality.
Maverick Information Security Policy
1. Introduction
This policy outlines the measures Maverick takes to protect banking transaction data, accounting data, and billing data,
ensuring its confidentiality, integrity, and availability. This policy applies to all employees, including all CxOs, and any future personnel.
2. Purpose
Maverick is committed to safeguarding sensitive financial information from unauthorized access, disclosure, alteration, or
destruction. This policy establishes the framework for achieving this objective.
3. Roles and Responsibilities
CEO, CRO: These individuals are responsible for implementing and enforcing this policy, ensuring compliance, and conducting
regular reviews.
Employees: All personnel must adhere to the security protocols outlined in this policy and take necessary precautions to
protect confidential information.
4. Risk Management
The primary focus of Maverick's risk management strategy is cybersecurity. Due to the nature of our business and reliance on
cloud services, we prioritize protection against online threats.
5. Data Protection
Cloud Storage: Maverick utilizes secure cloud platforms like AWS to store sensitive data.
Least Privilege Access: Even within the small team, the principle of least privilege is applied, granting access only to the data
and systems necessary for each role.
6. Physical Security
As Maverick operates remotely, the focus is on securing individual work environments and ensuring the physical security of
devices used to access or store confidential data. AWS data centers provide an additional layer of physical security for stored
data.
7. Network Security
Cloud-Based Security: Maverick leverages AWS's built-in security features, including firewalls and intrusion detection, to
protect our network infrastructure.
Secure API Integration: Secure protocols and encryption are applied when integrating with other services.
8. Incident Response and Recovery
A basic protocol for responding to potential security incidents, including data breaches or unauthorized access attempts, is
established. This protocol includes notification procedures, containment measures, and a process for restoring affected systems.
Regular backups of critical data are maintained on secure cloud platforms to facilitate recovery in case of incidents.
9. Compliance and Auditing
Maverick adheres to all relevant regulations pertaining to financial data handling, including the General Data Protection
Regulation (GDPR). We conduct regular reviews of security settings in cloud services and internal systems to ensure continued compliance.
10. Training and Awareness
Maverick recognizes the importance of ongoing security awareness and education. As a small team, we prioritise continued learning about emerging security threats and best practices. We encourage employees to take advantage of training resources provided by cloud service providers like AWS and DigitalOcean, as well as API vendors.
11. Policy Review and Update
To adapt to the ever-changing technological landscape and the growth of the company, this policy will be reviewed and updated
regularly. All personnel will be notified of any changes to the policy and required to acknowledge their understanding.
12. Acknowledgement of Understanding
All employees must acknowledge their understanding and acceptance of this policy through a signed attestation form.
Conclusion
Maverick remains firmly committed to the unwavering protection of your financial data. Our ongoing deployment of rigorously
certified managed services and industry-best security measures demonstrably reflects our unwavering dedication to upholding the most stringent data security and privacy standards. We actively encourage you to explore the accompanying security documentation, which provides comprehensive details on the robust security protocols employed by each managed service.
If you have questions or concerns about our security practices, please reach out to our team at security@mymaverick.app