Security

At Positioned, we take the security of your accounts and personal information seriously. This page outlines the measures we employ to help protect your data, as well as best practices you can follow to enhance your own security. While no system is completely immune to risk, we are committed to implementing commercially reasonable safeguards.

Important: Positioned Pte. Ltd. is not a financial institution, broker-dealer, or custodian. We do not hold, manage, or have access to your funds or financial accounts. The security measures described below relate solely to the protection of your Positioned account and the data associated with our Services.

1. How We Protect You

We employ a range of commercially reasonable technical and organisational measures designed to protect your account and personal data. The following describes some of the measures currently in place; however, security practices evolve over time and we reserve the right to modify our approach as we deem appropriate.

2. Account Protection Measures

Encrypted Communications

Our websites and applications use TLS/SSL encryption to protect data transmitted between your device and our servers. This helps prevent interception of your information during transmission.

Authentication and Access Controls

We utilise industry-standard authentication mechanisms to verify user identity and control access to our systems. We support authentication through email/password and third-party providers (such as Google and Apple).

Account Activity Monitoring

We may monitor account activity for signs of unauthorised access or suspicious behaviour. If we detect unusual activity, we may take protective measures, including temporarily restricting account access.

Customer Notifications

We may notify you when significant changes are made to your account, such as updates to login credentials or account settings. We encourage you to monitor these notifications and report any changes you did not authorise.

Infrastructure Security

We utilise firewalls, intrusion detection systems, and other security technologies to help protect our systems from unauthorised access. Our infrastructure is hosted with reputable cloud service providers that maintain their own comprehensive security programmes.

Privacy Practices

Positioned Pte. Ltd. is committed to protecting the confidentiality and security of the information we collect about you in accordance with our Privacy Policy and applicable data protection laws, including the Singapore Personal Data Protection Act 2012 (PDPA). We will not share your personal data with third parties except as described in our Privacy Policy or as required by law.

Communication Practices

Positioned Pte. Ltd. will never contact you through unsolicited text messages, SMS, or social media direct messages to request personal information, credentials, or payments. We will never ask for your password via any communication channel. If you receive any communication claiming to be from Positioned that requests such information, please report it immediately to security@positioned.app.

3. Security Limitations

While we strive to protect your information, no security system is impenetrable. We cannot and do not guarantee that our systems will be free from vulnerabilities, that our security measures will prevent all unauthorised access, or that your information will never be compromised. You acknowledge that:

  • The transmission of information over the internet inherently involves security risks
  • We are not responsible for circumvention of any security measures implemented on the Services
  • You are solely responsible for maintaining the security of your account credentials, devices, and personal information
  • Positioned Pte. Ltd. shall not be liable for any loss, damage, or liability arising from unauthorised access to your account that results from your failure to safeguard your credentials or comply with the security practices described below

4. How You Can Protect Yourself

Account security is a shared responsibility. The following best practices can help you better protect your account and personal information. While these recommendations are provided in good faith, they do not constitute professional security advice, and Positioned Pte. Ltd. accepts no liability for any security incidents arising from your practices.

Use Strong, Unique Passwords

Create strong passwords using a combination of uppercase and lowercase letters, numbers, and special characters. Never reuse passwords across different services. Consider using a reputable password manager to generate and securely store complex passwords.

Enable Two-Factor Authentication

When available, enable two-factor authentication (2FA) for an additional layer of security. This requires both your password and a second verification method, such as an authenticator app or code sent to your device.

Use Trusted Devices and Networks

Access your account only from trusted personal devices. Avoid using public or shared computers. When using Wi-Fi, prefer secured networks and consider using a VPN on public networks.

Keep Software Updated

Regularly update your operating system, browser, and applications to ensure you have the latest security patches. Enable automatic updates whenever possible.

Be Cautious of Phishing

Be wary of emails, messages, or websites that attempt to impersonate Positioned or request sensitive information. Verify suspicious communications by visiting our official website directly or contacting us at security@positioned.app. We will never ask for your password via email or any other communication channel.

Lock Your Devices

Use a password, PIN, biometric lock, or other security measure on all devices used to access your account. This helps prevent unauthorised access if your device is lost or stolen.

Use Security Software

Install and maintain reputable anti-virus and anti-malware software on your devices. Enable automatic updates to stay protected from the latest threats.

Be Mindful on Social Media

Limit the personal information you share on social media, as it may be used by malicious actors for social engineering attacks. Avoid sharing information commonly used for security questions or identity verification.

5. Beware of Imposter Scams

Warning

Scammers may attempt to impersonate Positioned or its representatives via phone, text, email, or social media, creating fraudulent accounts or websites to collect personal information or induce payments.

Please remember:

  • Positioned Pte. Ltd. will never request payments through unofficial channels, cryptocurrency, or wire transfers
  • We will never ask for your password, security codes, or one-time codes via email, phone, text, or social media
  • We will never pressure you to make immediate payments or financial decisions
  • All legitimate payments are processed through our official website or app store billing

Positioned Pte. Ltd. is not liable for any losses resulting from payments made to, or information shared with, scammers or unauthorised third parties. If you believe you have been targeted by a scam or have shared information with a fraudulent party, please:

  • Contact us immediately at security@positioned.app
  • Contact your financial institution to report the fraud
  • Report the incident to local law enforcement and relevant authorities in your jurisdiction

6. Vulnerability Disclosure Policy

Positioned Pte. Ltd. is committed to maintaining the security of our systems and the protection of user data.

Performing security testing against our systems without prior written authorisation is strictly prohibited and may result in civil or criminal liability.

If you inadvertently discover a potential vulnerability in our Services, we ask that you report it responsibly by emailing security@positioned.app with the following details:

  • A description of the potential vulnerability, including how it was discovered
  • Steps to reproduce the issue
  • Screenshots or URLs, if applicable
  • Your contact information for follow-up

We will review reported vulnerabilities and endeavour to respond in a timely manner. Positioned Pte. Ltd. does not currently offer monetary rewards or “bug bounties” for vulnerability reports. We appreciate responsible disclosure and may acknowledge researchers who help improve our security, at our sole discretion.

7. Security Contact

If you have security concerns, suspect unauthorised access to your account, or need to report a security incident, please contact us immediately:

Positioned Pte. Ltd.

Security Team

Email: security@positioned.app

General Support: support@positioned.app

For privacy-related questions, please see our Privacy Policy or contact privacy@positioned.app.

Security Checklist

  • Use strong, unique passwords and enable two-factor authentication
  • Keep your devices and software updated
  • Be cautious of emails and messages requesting sensitive information
  • Never share your password or security codes with anyone
  • Use trusted devices and secure networks when accessing your account
  • Report suspicious activity immediately to security@positioned.app