We prioritise regulatory compliance, safety, and security as essential and inherent features of our platform. We work diligently with our banking and technology partners to deploy best-in-class tools and practices to remain secure and compliant.
We take care of all the necessary regulatory requirements and manage sensitive financial data to ensure fully compliant financial products and operations.
By leveraging Branchless Banking regulations, we have formed strategic partnerships with a State Bank of Pakistan (SBP) regulated bank to ensure our customers receive secure and reliable embedded financial services, backed by our banking partner’s expertise and reliability.
Neem is fully licensed as a Non-Banking Finance Company (NBFC) by the Securities and Exchange Commission of Pakistan to carry out and undertake Investment Finance Services (IFS). This license empowers us to provide tailored embedded lending solutions targeted towards specific industry segments, like household consumers and MSMEs, as well as to cross-sell savings, investment and insurance products.
We understand the importance of ensuring a secure environment on our platform. With advanced technologies and rigorous protocols, we have implemented comprehensive security measures to protect users and maintain the integrity of our systems.
We enforce strict role-based access control and multi-factor authentication to safeguard our APIs and management functions, ensuring maximum data security.
We regularly assess data, systems, and infrastructure risks to stay updated on potential threats and effectively execute mitigation strategies.
Our systems undergo periodic testing by certified third-party security testing services.
We carry out regular vulnerability scans to proactively identify and preempt any threats to the integrity of our systems.
All Neem employees with access to systems are required to undergo annual training on security procedures in place and best practices.
We follow rigorous procedures covering storage and handling of data, to comply with applicable financial and privacy laws.
We collect audit trails for all system-level events in our infrastructure.
We use TLS 1.3 and AES 256 encryption to protect data during transit and at rest, ensuring both data integrity and confidentiality.
Our production, sandbox and QA environments are fully segregated with different access control lists.
We maintain strict filters for traffic via security group rules, for both inbound and internal traffic.
Access for client systems is scoped by their tokens, which ensures that each client can access only the subset of resources designated for them.
End users are authenticated separately through JWT-based authentication coupled with multi-factor authentication, which ensures that a specific user has access only to their allowed data and features.
All tokens are short-lived, limiting the possibility of compromise.
We use TLS 1.3 and 1.2 certificates and EV certificates to better assure our identity to clients.
Role-based access controls limit user access to a specific subset of data based on their assigned role when logging into applications.
All personally identifiable or any other sensitive data is masked whenever displayed or stored in audit trails.
Our platform is designed for high availability, minimizing failover and recovery times.
All production data is regularly backed up and stored within the same jurisdiction.
Continuous infrastructure monitoring promptly alerts us to any failures, minimising recovery times.
A tested business continuity plan with separate disaster recovery infrastructure is in place to address disruptions.
At Neem, we emphasise the importance of responsible disclosure when it comes to security concerns surrounding our offerings. We value engagement with individuals who report vulnerabilities in a positive and professional manner, ensuring customer protection.
To report any security concerns, contact us at support@neem.io