Ensuring Trust, Security, and Privacy for Your Treasury

At Your Treasury, safeguarding your data and ensuring a secure learning environment are central to everything we do. We are committed to providing a secure platform that meets the high standards expected by multinational organisations. This document outlines our approach to cybersecurity and data privacy, detailing the measures we take to protect our clients and their data.

We are proud to be members of the Government's CyberFirst initiative.

Our Cybersecurity Framework

Secure Platform Infrastructure

Our website and learning tools are built on a robust infrastructure designed to meet enterprise-grade security standards:

Hosted on Azure:
Azure is a trusted platform with SOC 1 and SOC 2 certifications, providing assurances about its security controls for financial reporting and operational processes. These reports are available for review via Azure's Service Trust Portal.

Protected by Cloudflare:
Our platform benefits from Cloudflare's state-of-the-art content delivery network and web application firewall, ensuring robust protection against cyber threats.

Two-Factor Authentication

All users must authenticate their identity using two-factor authentication (2FA) during registration, typically via email confirmation. This additional layer of security ensures that only authorised individuals can access the platform.

Restricted Tool Access

Access to our learning tools, including Claude via API and JupyterLite, is granted only to logged-in users. This controlled access minimises risks and ensures that our platform is used securely.

Active Implementation of Security Recommendations

We actively utilise Microsoft Defender for Cloud to conduct vulnerability assessments and maintain a high level of security.

Microsoft Defender provides detailed insights into potential vulnerabilities across our Azure infrastructure.

Recommendations are reviewed and implemented promptly to enhance system security, including patching, access control adjustments, and configuration updates.

Automated monitoring ensures continuous compliance with industry best practices, keeping our systems secure from evolving threats.

Data Privacy and Handling

No Client-Specific Data Storage

We do not collect or store sensitive client data such as company bank account details or confidential treasury information. The only data we retain are:

Names and email addresses for login purposes.

Anonymised training records that do not include any client-specific details.

Payment Security

Payments are securely processed via Stripe, which handles all payment card details. For bank transfers, we do not retain or process any bank account information.

Client Data Support

If clients need assistance with data-related issues, we provide guided support during online or in-person sessions.

No Data Retention: We do not record or store client data during these sessions.

Training Session Recordings: While training sessions may be recorded for catch-up purposes, no client-specific data is included in these recordings.

Learning Tools: Security Measures

Claude via API

Claude is provided by Anthropic, which holds SOC 2 Type II certification, demonstrating its adherence to stringent security standards. Claude's secure API ensures that interactions are private and compliant with enterprise needs. We do not review user requests to Claude. Only the last five chat interactions are temporarily stored for users to refer back to, and these are auto-deleted after five sessions.

JupyterLite

JupyterLite runs entirely in your browser, eliminating the need for server-side execution and significantly reducing security risks. We update the tool regularly so that any required patches are applied. The latest version (0.4.4), which we have implemented, has addressed known vulnerabilities. By design:

Users cannot run Python scripts on our server.

Libraries of pre-written scripts, such as for plotting charts, will be reviewed by cybersecurity experts before being made available.

Jupyter Notebook+

Each user has their own dedicated Azure database to store information. Your Treasury does not have access to these databases.

Python Scripts and Automated Tools

From time to time, we create automated tools and workflows designed to streamline common tasks. These tools can be deployed by clients in Python or through platforms like Copilot.

Extensive Testing: All scripts undergo comprehensive testing to ensure smooth operation, functionality, and usability, reducing the likelihood of errors during deployment.

Vulnerability Assessments: Each script is rigorously assessed for potential vulnerabilities to minimise security risks and ensure adherence to best practices.

Customisation and Deployment: These tools are tailored to client-specific needs, enabling faster adoption and enhanced efficiency while maintaining robust security controls.

This approach ensures that our Python solutions are both practical and secure for deployment in diverse environments.

Deployment Approach

When these tools are to be deployed within a client's environment, our approach is as follows:

Integration with Existing Infrastructure
We prioritise deploying solutions within the client’s existing infrastructure, leveraging widely used tools to ensure compatibility and ease of use. Examples include:

Microsoft Power Automate: To create automated workflows that integrate seamlessly with other Microsoft tools.

Python in Excel: Running Python scripts directly within Excel to generate charts or automate repetitive data tasks.

Power BI: Embedding Python scripts within Power BI to extend analytics and visualisation capabilities.

Kubernetes-Based Deployments
Where integration with existing tools is not feasible, we deploy Python applications in a standalone capacity using Kubernetes, tailored to the client’s cloud provider:

Azure Kubernetes Service (AKS): Using Azure’s managed Kubernetes environment with robust access controls.

Google Kubernetes Engine (GKE): Securely orchestrating containers with IAM roles for least privilege.

Amazon Elastic Kubernetes Service (EKS): Leveraging IAM roles for pods and encrypted communication between services.

Security-First Configuration

Limited Access: Enforcing minimal permissions for scripts and workflows to perform specific tasks only.

Environment Isolation: Sandboxing deployments to separate tasks and mitigate risks.

Monitoring and Auditing: Configuring tools to log activity and provide audit trails for compliance.

Collaboration with Client IT Teams
We ensure alignment with internal client policies, including SSO, MFA, and data governance standards.

Documentation and Support
Comprehensive documentation and ongoing support are provided to ensure seamless deployment and adaptation to evolving business needs.

What We Choose Not to Do

To prioritise your security and privacy, we have deliberately chosen not to:

Store client-specific data on our platform.

Retain detailed records of user interactions beyond the last five Claude chat prompts (which are automatically deleted). Nor do we review this data.

Process or store payment details internally—this is fully managed by trusted third-party providers like Stripe.

Why You Can Trust Our Approach

Transparent and Secure Practices:
Our security framework is built on transparency, ensuring that clients understand exactly how their data is handled and protected.

Independent Certifications:
Leveraging Azure and Claude’s independently certified platforms ensures compliance with globally recognised standards like SOC 1 and SOC 2.

Focus on Privacy:
By not storing sensitive client data, we minimise risk and ensure your information stays private and secure.

Regular Updates:
We continuously update our systems, such as JupyterLite, to ensure the latest security standards are met.

Proactive Risk Mitigation:
Using Microsoft Defender, we identify and address vulnerabilities before they can become threats, ensuring a proactive approach to cybersecurity.

Contact Us

If you have further questions or require detailed security documentation, such as Azure’s SOC reports, please contact us at [email protected]. We are committed to addressing any concerns and providing additional assurances to meet your organisation’s security expectations.