Security

Security Policy

Last updated: 29 August 2025. This policy describes how Primepath Venturs Ltd. safeguards data and systems, our security practices, and how to report vulnerabilities responsibly.

On this page: Our approach • Technical & organisational measures • Cloud & infrastructure • Employee practices • Responsible disclosure • Incident response • Contact

Our security approach

We take the confidentiality, integrity and availability of data seriously. Security is built into our processes from design to deployment. We apply the principle of “defence in depth”, using multiple layers of protection to reduce risks. Our aim is to protect not only our own systems but also the data entrusted to us by clients and partners.

Technical & organisational measures

Encryption: Data is encrypted in transit (TLS 1.2+) and at rest. Sensitive data is further protected with strong key management.
Access controls: We follow the principle of least privilege. Multi‑factor authentication is enforced on critical systems.
Monitoring: Logs are collected and monitored for unusual activity. Alerts are configured for potential threats.
Backups: Regular backups are taken, encrypted and tested for restoration.
Network security: Firewalls, intrusion detection and segmentation are in place to prevent unauthorised access.

Cloud & infrastructure

We use leading cloud providers (AWS, Azure) with UK/EU data centres where possible. Infrastructure is managed as code for consistency and auditability. Providers are reviewed for compliance with standards such as ISO 27001 and SOC 2.

Employee practices

Employees receive security awareness training at onboarding and annually.
Access is revoked immediately when staff leave the company.
Developers follow secure coding guidelines and code reviews include security checks.
We maintain an incident response plan and practice tabletop exercises.

Responsible disclosure

We welcome reports of security vulnerabilities. If you believe you’ve found a vulnerability in our website or systems, please email us at security@primepathventurs.co.uk. Please include enough detail to help us reproduce the issue. We ask that you:

Do not exploit the vulnerability beyond what is necessary to demonstrate it.
Give us a reasonable time to investigate and fix before making any information public.
Avoid privacy violations, data destruction or service disruption.

We will acknowledge receipt of your report within 3 business days and aim to provide an update within 10 business days. While we do not currently offer a formal bug bounty, we appreciate and publicly credit responsible researchers (with consent).

Incident response

If an incident occurs that affects personal data, we will follow our incident response process:

Identify and contain the incident quickly.
Investigate and assess the scope and impact.
Notify affected clients and regulators where legally required (usually within 72 hours under UK GDPR).
Remediate and review to prevent recurrence.

Contact our security team

If you have questions about this Security Policy or wish to report a concern, contact us:

Email: security@primepathventurs.co.uk
Phone: +44 0204 513 5558
Address:
Covent Garden
London
WC2H 9JQ
UNITED KINGDOM

For general privacy matters, see our Privacy Policy. For cookie preferences, see our Cookies Policy.

We continuously review our security measures. Updated versions of this policy will be posted here with a new “last updated” date.