Security

How we protect your data

At Veritas Funds LLP, security is fundamental to everything we do. We handle sensitive financial and personal data, and we take our responsibility to protect it extremely seriously.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Documents and communications are protected with enterprise-grade encryption.

Secure Infrastructure

Hosted on SOC 2 Type II compliant infrastructure with automated backups, redundancy, and geographic distribution.

Access Controls

Role-based access control (RBAC) ensures only authorised personnel can access your data. Multi-factor authentication is in place for all admin accounts.

Monitoring

Continuous security monitoring, intrusion detection, and automated alerting systems protect against threats 24/7.

Compliance

Compliant with UK GDPR, the Data Protection Act 2018, and industry best practices for data handling.

Incident Response

Comprehensive incident response plan with defined procedures for detection, containment, and notification.

Application Security

  • CSRF protection on all form submissions
  • Input validation and sanitisation to prevent injection attacks
  • Content Security Policy (CSP) headers
  • HTTP Strict Transport Security (HSTS)
  • Regular dependency scanning and vulnerability assessments
  • Row-level security (RLS) ensures complete data isolation between clients
  • Secure session management with automatic expiry

Document Security

  • KYC and case documents stored in private, encrypted storage buckets
  • Access via time-limited, signed URLs only
  • File type and size validation on all uploads
  • Automatic virus/malware scanning on uploaded files
  • Audit logging of all document access and downloads

Authentication & Authorisation

  • Email verification required for all new accounts
  • Password requirements: minimum 8 characters, mixed case, numbers
  • Secure password hashing (bcrypt)
  • Rate limiting on authentication endpoints
  • Automatic account lockout after failed attempts
  • Secure password reset via time-limited email tokens

Employee Security

  • Background checks for all employees handling client data
  • Regular security awareness training
  • Non-disclosure agreements for all staff
  • Principle of least privilege for system access
  • Access review and revocation upon role change or departure

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly to security@veritasfundsllp.com. We take all reports seriously and will investigate promptly. We request that you:

  • Do not exploit the vulnerability beyond what is necessary to demonstrate it
  • Do not access, modify, or delete data belonging to other users
  • Allow us reasonable time to address the issue before public disclosure