We don't have a dedicated one, but this reponsibility is taken care of by our CEO Artem Demchenkov, who has solid Information Security experience, including 8 years of being responsible for it in the FinTech industry (Funding Circle Germany, Billie) as Head of Engineering and CTO. Billie is regulated by a German regulator BAFIN and Artem was taking care of the CIRO responsibilities there for 4.5 years.
On top of that, he is also deeply familiar with PCI DSS, since he as a consultant helped a B2B cryptocurrency company Mercuryo to get a PCI license and prepare their infrastructure and documentation for quarterly audits.
How is personal data information (PII) stored and secured (employees, customers, etc.)? Is there data processed outside the EU?
All data is stored in the EU in the AWS data center in Frankfurt. That's where the personal information of employees is also stored. The PII of customers is stored in Salesforce in their EU data center in Frankfurt as well.
Yes, we do have policies containing in particular areas of organization of information security; human resources security; asset management; access control; cryptography; physical and environmental security; operations security; communications security; system acquisition, development, and maintenance; supplier relationships; information security incident management, information security continuity management; compliance; personal data protection. This documentation can be provided by a request.