LoginJoin Now
LoginJoin Now

Security & Data Protection Statement

Effective Date: April 3, 2026

Last Updated: April 3, 2026

1. Purpose and Scope

This Security & Data Protection Statement ("Statement") sets out the technical, organizational, and governance measures implemented by Foresight Collective ("Company", "we", "us" or "our") to safeguard personal data and ensure the confidentiality, integrity, and availability of the SafeBets platform, including all websites, applications, APIs, and related services (the "Platform").

This Statement applies to all personal data processed by or on behalf of SafeBets, including processing performed by authorized third-party service providers.

This Statement forms part of, and should be read in conjunction with, the SafeBets Privacy Policy, Terms of Service, Cookie Policy, and Responsible Use Policy.

2. Security Framework and Principles

SafeBets operates a risk-based, defence-in-depth security framework designed to protect data and systems against unauthorized access, disclosure, alteration, and loss.

Our approach is aligned with:

  • Applicable data protection laws, including GDPR and UK GDPR (Article 32)
  • Industry standards, including principles aligned with ISO/IEC 27001
  • The principles of Confidentiality, Integrity, and Availability (CIA)

Security controls are proportionate to the nature, scope, and risks associated with processing activities.

3. Governance and Accountability

SafeBets maintains defined governance structures to ensure clear accountability for data protection, cybersecurity, and regulatory compliance.

3.1 Designated Responsibility

Responsibility for data protection and security is assigned to appropriately qualified personnel or functions within the organization, including:

  • A designated Data Protection Officer (DPO) or equivalent responsible individual, where required or appropriate
  • A Security Lead or equivalent function responsible for the implementation and oversight of cybersecurity controls

These roles are responsible for ensuring that security and data protection measures are effectively designed, implemented, and maintained.

3.2 Management and Board Oversight

Senior management maintains active oversight of security, data protection, and compliance risks, including:

  • Periodic review of security posture and risk exposure
  • Oversight of incident response readiness and outcomes
  • Approval and review of key policies, controls, and risk mitigation strategies

Where appropriate, material risks and incidents are escalated to senior leadership or governing bodies.

3.3 Policies, Controls, and Documentation

SafeBets maintains and regularly reviews:

  • Documented security policies, standards, and procedures
  • Risk assessments and control frameworks
  • Records demonstrating compliance with applicable laws and regulations

All policies and controls are subject to periodic review and update to ensure continued effectiveness.

3.4 Independent Assurance and Testing

SafeBets implements independent validation of its security posture, which may include:

  • Periodic penetration testing of systems and infrastructure
  • Vulnerability assessments and security testing programs
  • Internal or external reviews of security controls and processes

Findings are documented, tracked, and remediated in a timely manner.

3.5 Continuous Governance Improvement

SafeBets maintains a continuous improvement approach to governance, including:

  • Monitoring of regulatory developments and industry standards
  • Enhancing controls in response to emerging threats
  • Strengthening oversight, reporting, and accountability mechanisms over time

4. Technical Security Measures

SafeBets implements appropriate technical safeguards, including:

  • Data Protection and Encryption
    • Encryption of data in transit (TLS/HTTPS)
    • Encryption of data at rest where appropriate
    • Secure key management practices
  • Access Control and Authentication
    • Role-based access control (least privilege)
    • Multi-factor authentication where appropriate
    • Secure credential management
  • Infrastructure and Network Security
    • Hardened cloud environments
    • Network segmentation and firewall controls
    • Continuous monitoring and logging
  • Application Security
    • Secure software development lifecycle (SDLC)
    • Vulnerability management and patching
    • Input validation and protection against common attack vectors
  • Resilience and Recovery
    • Backup and recovery processes designed to support system availability
    • Regular testing of recovery capabilities

4.1 Security Monitoring, Logging and Audit Controls

  • SafeBets maintains comprehensive logging, monitoring, and audit controls to support the detection, investigation, and remediation of security events
  • Security event logging is implemented across critical systems, applications, and infrastructure components
  • Logs are retained, protected, and reviewed in accordance with defined retention schedules and security policies
  • Monitoring systems are designed to detect anomalous, suspicious, or unauthorized activity in a timely manner
  • Access to logs is restricted and controlled to prevent unauthorized modification or disclosure
  • Logs and monitoring outputs support incident response, forensic analysis, and continuous security improvement

5. Organizational and Operational Measures

SafeBets implements organizational controls to support its security framework, including:

  • Internal security policies and procedures
  • Staff training and awareness programs
  • Access governance aligned with job roles
  • Confidentiality obligations for personnel and contractors

6. Incident Response and Breach Management

SafeBets maintains formal procedures to detect, respond to, and manage security incidents.

This includes:

  • Continuous monitoring and detection capabilities
  • Defined escalation and response protocols
  • Incident containment, investigation, and remediation
  • Root cause analysis and corrective actions

7. Breach Notification

Where a personal data breach occurs, SafeBets will:

  • Assess the breach in accordance with applicable law
  • Notify relevant supervisory authorities where required (including within 72 hours under GDPR)
  • Notify affected individuals where there is a high risk to their rights and freedoms

7.1 Data Minimization and Protection Principles

SafeBets processes personal data in accordance with Article 5 GDPR principles, including:

  • Data Minimization
    • Data collected is limited to what is necessary for defined purposes.
  • Purpose Limitation
    • Data is processed only for specific, legitimate purposes.
  • Accuracy
    • Data is kept accurate and up to date.
  • Storage Limitation
    • Data is retained only as long as necessary and securely deleted or anonymized thereafter.
  • Integrity and Confidentiality
    • Appropriate security measures protect against unauthorized access, loss, or damage.
  • Lawfulness, Fairness, and Transparency
    • Processing is based on valid legal grounds and communicated clearly to users.
  • Accountability
    • SafeBets maintains controls and documentation to demonstrate compliance.

8. Third-Party Security and Vendor Management

Where third parties process personal data on behalf of SafeBets:

  • Written agreements (including DPAs) are in place
  • Processing is limited to documented instructions
  • Appropriate security measures are required
  • Confidentiality obligations apply
  • Oversight and audit rights are maintained where appropriate

9. Restrictions on Third-Party Use

SafeBets does not permit third parties to:

  • Use personal data for independent purposes
  • Engage in unauthorized processing or profiling
  • Sell or share personal data beyond permitted scope

All processing is strictly limited to supporting the Platform.

10. International Data Transfers

Where personal data is transferred outside the UK or EEA, SafeBets ensures appropriate safeguards in accordance with GDPR Chapter V, including:

  • Transfer Mechanisms
    • Standard Contractual Clauses (SCCs)
    • UK IDTA or UK Addendum
    • Transfers to jurisdictions with adequacy decisions
  • Transfer Risk Assessments
    • Legal frameworks in recipient jurisdictions
    • Risks to data subjects
    • Ability of recipients to comply with safeguards
  • Supplementary Measures
    • Encryption
    • Data minimization
    • Access controls
    • Contractual restrictions
  • Ongoing Monitoring
    • Transfers are regularly reviewed to ensure continued compliance

11. User Responsibilities

Users are responsible for:

  • Maintaining the security of their devices and credentials
  • Using the Platform responsibly
  • Promptly reporting suspected security incidents

12. Limitations of Security

While SafeBets implements appropriate safeguards:

  • No system is completely secure
  • Risks cannot be entirely eliminated

To the extent permitted by law, SafeBets does not guarantee absolute security but applies reasonable and proportionate protections.

13. Compliance and Continuous Improvement

SafeBets maintains an ongoing program to:

  • Review and enhance security controls
  • Address emerging threats and vulnerabilities
  • Improve resilience and operational readiness
  • Maintain compliance with applicable laws and standards

14. Changes to This Statement

SafeBets may update this Statement to reflect:

  • Legal or regulatory changes
  • Updates to security practices
  • Changes to Platform functionality

Where required:

  • The "Last Updated" date will be revised
  • Users will be notified through appropriate channels

15. Contact

For security or data protection inquiries:

SafeBets

Email: [email protected]

Address: 611 S Dupont Highway, Suite 102, Dover, DE 19901 United States