Security at Republic

At Republic, security is a company-wide priority, led by a dedicated security team that oversees strategy, security implementation, and operational readiness. The team works cross-functionally with engineering, infrastructure, legal, and compliance groups to ensure a holistic approach to managing risk and maintaining platform integrity.

We maintain a formal governance structure that includes:

• Information Security policies based on international standards and reviewed regularly

• Cross-functional collaboration on risk assessments, incident management, and business continuity planning

• Oversight from senior leadership to ensure alignment with our legal, regulatory, and fiduciary obligations

Our security team is responsible for driving continuous improvements through proactive monitoring, third-party assessments, and security initiatives that scale with our platform growth.

We operate a defense-in-depth model supported by:

• Security controls aligned to ISO/IEC 27001, NIST and SOC 2 Type II

• Regular audits and third-party assessments

• Executive oversight of key risks, incidents, and compliance posture

Republic has earned industry-leading certifications that reflect our commitment to robust security:

• ISO/IEC 27001 certified for:

  • Republic Core LLC

  • Republic Operations LLC

  • Seedrs Limited

• SOC 2 Type II attested for:

  • Republic’s US platform

  • Republic’s Europe platform

We follow best practices from the:

• NIST Cybersecurity Framework

• CIS Critical Security Controls

• OWASP Top 10 (for application security)

Cloud Infrastructure

Our production environments are hosted securely on Amazon Web Services (AWS). This ensures:

• Virtual private cloud (VPC) segmentation

• Redundant infrastructure and disaster recovery

• Fine-grained access controls and monitoring

• Automated backup and encryption of data

Encryption & Access

• In Transit: All data is encrypted via TLS 1.2+

• At Rest: Data is encrypted using AES-256

• Access Controls: Role-based access management and regular privilege audits

Security is embedded into our engineering processes:

• Secure-by-design principles in product planning

• Automated application security testing

• Peer-reviewed code changes and gated release pipelines

• Developer training on secure coding standards

• Ongoing independent penetration testing of key systems by CREST accredited penetration testers.

We take platform security seriously — and we encourage all users to take proactive steps in securing their accounts.

2FA is strongly encouraged. You can enable it within your account settings for extra protection.

We believe in operational transparency. You can monitor real-time and historical system performance at our public Status Page:
status.republic.com

This page includes:

• Live service status

• Ongoing incidents or degraded performance

• Scheduled maintenance windows

We offer access to official audit summaries and documentation to our partners & clients upon request.
This helps facilitate procurement, vendor due diligence, and third-party reviews.

Contact: investors@republic.co

Available documents include:

• ISO 27001 Certificates for Republic Core LLC, Republic Operations LLC, and Seedrs Limited

• SOC 2 Type II Attestation Reports (NDA required)

• Security & Privacy policies (NDA required)

We’re here to support your security, compliance, and IT due diligence needs. Contact our security team: investors@republic.co