Institutional standards, plainly explained
This page is maintained by CoreMine Capital to answer common security, privacy, and compliance questions about our platform. It describes current controls; it is not an independent certification.
Data protection
We treat investor data as confidential. Access is restricted, logged, and reviewed. Data is encrypted in transit (TLS 1.2+) and at rest in our managed cloud database. Role-based access controls limit who can view or change investor records.
KYC procedures
Every investor completes identity verification before funding. We verify government-issued ID and proof of address, and screen against sanctions and PEP lists. Verification is retriggered when material account details change.
AML compliance
Our AML program covers customer due diligence, ongoing transaction monitoring, and suspicious activity reporting in line with recognised standards. We keep records of verification decisions and escalations.
Cybersecurity
Multi-factor authentication, session hardening, dependency scanning, and a documented incident response process. Third-party security reviews performed periodically. We monitor for suspicious login activity and enforce strong password policies.
Risk disclosures
All investments are presented with clear risk ratings and projections framed as estimates, never guarantees. Read our full risk disclosure before investing. Past performance does not guarantee future results.
Investor protection
Investor funds are handled through segregated custodial arrangements with our banking partners. We do not commingle client capital with operating funds. Internal transfers and withdrawals follow dual-control approval workflows.
Privacy and data handling
We collect only the personal data needed to deliver our services, verify identity, and meet legal obligations. Investor data is not sold to third parties. Subprocessors are limited to regulated infrastructure, identity, and communication providers chosen for their security track records.
- Transparent privacy notices and opt-in consent for marketing.
- Data retained only as long as legally and operationally necessary.
- Encrypted backups with geographic redundancy and tested recovery.
Infrastructure and operations
Our platform is built on managed cloud infrastructure with automated patching, network isolation, and encrypted storage. Production environments are separated from development and staging. We enforce least-privilege access for staff and maintain a change-management process.
- Continuous vulnerability scanning and dependency updates.
- Network-level DDoS protection and TLS termination.
- Incident response plan with defined escalation and communication steps.
Regulatory context
CoreMine Capital operates within applicable financial services laws in the jurisdictions in which we accept investors. We do not claim government approval or bank insurance on investor deposits, and we do not offer FDIC/FSCS-style protection. Where local law requires registration or licensing for the specific offering, we work with qualified counsel to ensure appropriate structuring.
Security contact
Report suspicious activity, account access issues, or security concerns to security@powermine.example. We aim to respond within one business day.
Vulnerability reporting
If you discover a vulnerability, please email us with reproduction details. We do not take legal action against good-faith security research that follows responsible disclosure.