Trust Center
Moneytree is a privacy-first financial platform. This site documents our security controls, compliance certifications, governance practices, and AI policy — so you can verify our commitments, not just read about them.
Moneytree holds ISO/IEC 27001 (ISMS) certification, TRUSTe Privacy Accreditation across three products, and is registered with Japan's Financial Services Agency as an electronic payment intermediary.
- ISO/IEC 27001
- TRUSTe Certified
- FSA Registered
Moneytree's ISMS is anchored by 5 core documents — including the Information Security Policy and Statement of Applicability — and backed by 20 operational policies covering everything from AI use to cryptography, access control, and vendor management. A dedicated security tooling stack (CrowdStrike, Okta, AWS Security Hub, Sumo Logic, and more) enforces controls across the organisation.
- ISO/IEC 27001 ISMS
- 20 operational policies
- 7 security tools
63 security controls across infrastructure, organizational, product, and data domains — all independently audited. We run continuous vulnerability scanning, SAST/DAST in CI/CD, and an active Bugcrowd bug bounty programme.
- 63 controls
- Bug bounty (Bugcrowd)
- Annual pentest
AI use at Moneytree is governed by a formal policy aligned to a Framework for Responsible AI Use. Sensitive data may not be used with external AI systems without an approved risk review. An Oversight Committee monitors compliance.
- Privacy & fairness
- Data classification rules
- Oversight Committee
Answers to common questions about our SLAs, data storage location, compliance frameworks, data deletion procedures, and how to report a security vulnerability.
View all FAQs →Our security team is available to answer questions about our controls, certifications, data handling, or to receive a vulnerability report.