Voltra Trust Center

At Voltra, security isn't just a feature—it's foundational to everything we build. Our security-first mindset drives our development processes, infrastructure decisions, and organizational policies. We treat the data entrusted to us—whether from our customers, their end users, or anyone who interacts with our organization—with the utmost care and responsibility. Security is embedded in our DNA, enabling us to deliver innovative solutions without compromising on protection.

trust@voltra.com

Compliance

Resources

Risk and Governance Executive Committee Charter

Company Handbook

GDPR Information Security and Access Control Policy

Principles Relating to Processing of Personal Data

Records of Processing Activities (ROPA) Policy

Controls

Source code access restricted and changes logged

Access control procedures

Quarterly user access reviews performed

Termination Access Revocation Checklist

Access Segmentation Between Customers and Environments

Data encrypted at rest

Data protection policy

Data transfers covered by approved safeguards

Cooperation agreements/data sharing frameworks

Data processing agreements executed and retained

Secure connection means utilized

Code of Conduct acknowledged by employees

Web application firewalls configuration

Outsourced development security requirements managed

Source code changes tested and approved

Anti-malware monitoring

Intrusion detection tool

Centralized Log Collection and Monitoring

Infrastructure firewall

Monitoring tool

Business continuity & disaster recovery plans documented and tested

Incident response and breach notification policy

Security incident logging and review

Breach notification communication

Internal GDPR compliance assessments performed

Binding corporate rules policy

Visitor sign-in, badging, and escort policy

Automated decision-making policy

Technology assets inventoried

Documented Vendor Management Program

Vendor termination

Vendor list

Vendor onboarding

Consent for processing captured via explicit opt-in mechanisms

Age verification and parental/guardian consent process enforced

Confidentiality Agreement acknowledged by employees

Security awareness training implemented

List of active employees & contractors as on date

List of newly hired employees & contractors

Employee handbook

Records of Processing Activities (RoPA) maintained

Whisteblower mechanism maintained

Multi-availability zones

Documentation available to internal and external users

Customer support channels available

Risk management program

Lawful basis assessment

Legitimate interest assessment

Risk and Governance Executive Committee meeting minutes

Patch management process developed

Board/steering committee bylaws

Mobile Device Management (MDM) and BYOT

Board/steering commitee briefing

Production system hardening and baseline configuration management

Subprocessors

Stripe | Financial Infrastructure to Grow Your RevenueCustom

AnthropicAI & ML Services

FAQs

Emergency changes that can't follow regular processes due to urgency require immediate attention and discussion with a relevant service manager. Such changes are formally approved retrospectively after implementation. These emergency changes are later reviewed in periodic meetings to analyze lessons learned, root causes, and impacts.

Our organization actively manages vendor risks through a structured approach that includes maintaining a critical third-party vendor inventory and conducting risk assessments before initiating third-party work. These assessments are repeated annually to identify any gaps between third-party security controls and our information security standards.

The organization carries out background and/or reference checks on all new employees and contractors prior to joining in accordance with relevant laws, regulations and ethics. Management utilizes a pre-hire checklist to ensure the hiring manager has assessed the qualification of candidates to confirm they can perform the necessary job requirements.