Jump to:

Security at Republic

At Republic, security isn’t just a feature — it’s a core principle. As a trusted platform for investment and crowdfunding, we are committed to protecting the integrity, confidentiality, and availability of user data and financial transactions.

Security Leadership & Governance

At Republic, security is a company-wide priority, led by a dedicated security team that oversees strategy, security implementation, and operational readiness. The team works cross-functionally with engineering, infrastructure, legal, and compliance groups to ensure a holistic approach to managing risk and maintaining platform integrity.

We maintain a formal governance structure that includes:

  • Information Security policies based on international standards and reviewed regularly

  • Cross-functional collaboration on risk assessments, incident management, and business continuity planning

  • Oversight from senior leadership to ensure alignment with our legal, regulatory, and fiduciary obligations

Our security team is responsible for driving continuous improvements through proactive monitoring, third-party assessments, and security initiatives that scale with our platform growth.

We operate a defense-in-depth model supported by:

  • Security controls aligned to ISO/IEC 27001, NIST and SOC 2 Type II

  • Regular audits and third-party assessments

  • Executive oversight of key risks, incidents, and compliance posture

Certifications & Compliance

Republic has earned industry-leading certifications that reflect our commitment to robust security:

  • ISO/IEC 27001 certified for:

    • Republic Core LLC

    • Republic Operations LLC

    • Seedrs Limited

  • SOC 2 Type II attested for:

    • Republic’s US platform

    • Republic’s Europe platform

We follow best practices from the:

  • NIST Cybersecurity Framework

  • CIS Critical Security Controls

  • OWASP Top 10 (for application security)

Republic ISO 27001 Republic SOC 2 Type II Republic ISO 27001 Certified by Kompleye

Platform & Data Security

Cloud Infrastructure

Our production environments are hosted securely on Amazon Web Services (AWS). This ensures:

  • Virtual private cloud (VPC) segmentation

  • Redundant infrastructure and disaster recovery

  • Fine-grained access controls and monitoring

  • Automated backup and encryption of data

Encryption & Access

  • In Transit: All data is encrypted via TLS 1.2+

  • At Rest: Data is encrypted using AES-256

  • Access Controls: Role-based access management and regular privilege audits

Secure Development Practices

Security is embedded into our engineering processes:

  • Secure-by-design principles in product planning

  • Automated application security testing

  • Peer-reviewed code changes and gated release pipelines

  • Developer training on secure coding standards

  • Ongoing independent penetration testing of key systems by CREST accredited penetration testers.

Shared Responsibility

We take platform security seriously — and we encourage all users to take proactive steps in securing their accounts.

Republic Secures Users Can Help By…
Infrastructure, data encryption & auditing Using strong, unique passwords
Threat detection and platform hardening Enabling Two-Factor Authentication (2FA)
Secure authentication & session controls Avoiding phishing links and securing devices, e.g. Anti-virus etc.
Monitoring and incident response Reviewing account activity regularly

2FA is strongly encouraged. You can enable it within your account settings for extra protection.

Service Status & Transparency

We believe in operational transparency. You can monitor real-time and historical system performance at our public Status Page:

status.republic.com

This page includes:

  • Live service status

  • Ongoing incidents or degraded performance

  • Scheduled maintenance windows

Security Documents & Due Diligence

We offer access to official audit summaries and documentation to our partners & clients upon request. This helps facilitate procurement, vendor due diligence, and third-party reviews.

Contact: investors@republic.co

Available documents include:

  • ISO 27001 Certificates for Republic Core LLC, Republic Operations LLC, and Seedrs Limited

  • SOC 2 Type II Attestation Reports (NDA required)

  • Security & Privacy policies (NDA required)

Questions?

We’re here to support your security, compliance, and IT due diligence needs. Contact our security team: investors@republic.co