Information Security at Satispay: Protecting Trust in a Digital World

17 June 2025

At Satispay, our mission is to empower people through finance by making it easy and accessible. We believe that true accessibility is impossible without trust. As we work to build the most loved financial platform in the world, protecting our stakeholders’ data and ensuring the resilience of our services, are at the heart of everything we do.

To formalise this commitment, Satispay Group has implemented a robust Information Security Management System (ISMS) aligned with the international standard ISO/IEC 27001. This system ensures that security is not just a technical feature, but a fundamental pillar of our organisational culture.

The Satispay Group ISMS covers the design, development, and provision of our digital solutions across our core legal entities:

- SatisWelfare S.p.A.: Design and provision of solutions for meal vouchers, shopping vouchers, and corporate welfare products and services

- Satispay Europe S.A.: Design and provision of electronic money and payment services through a fully digital platform, enabling payment solutions for consumers and merchants across various channels, including integration with third-party providers such as PSPs and value-added services

- Satispay Invest S.A.: Design and provision of digital investment products and related services, enabling customers to access and manage investment opportunities through a secure and fully digital platform.

Our Management Body is directly involved in the governance of information security, ensuring that adequate resources are allocated to protect our ecosystem against an evolving threat landscape.

Our security strategy is built on core principles that guide every line of code we write and every business decision we make:

- Secure by design: Security and resilience are built into our products and services from day one, not added as an afterthought. Our platform is designed to be secure and resilient by default.

- Multiple layers of protection: We never rely on a single safeguard. Our security is built in depth, so that if one layer is challenged, others are always in place to protect the confidentiality, integrity and availability of your services.

- Your data, in safe hands: Access to information is granted strictly on a need-to-know basis, ensuring your data is only ever handled by those who strictly need it and only for the purpose it was intended for.

- Security is everyone’s responsibility: From our engineers to our leadership, every person at Satispay plays an active role in keeping our platform safe. We invest continuously in training and awareness across the entire organisation.

- Always improving: The threat landscape never stands still, and neither do we. We continuously learn from audits, reviews, and experience to strengthen our defences and stay ahead of emerging risks.

- The right protection, in the right place: We focus our security efforts where they matter most, ensuring our defences are always proportionate, targeted, and aligned with the real risks our platform might face.

These five objectives guide our daily operations and our long-term security strategy:

- Protecting what matters most: We safeguard the confidentiality, integrity, and availability of all information assets, ensuring sensitive data is protected against unauthorised access while remaining accurate and accessible when needed.

- Always there when you need us: We invest in the resilience and continuity of our customer-facing services, so our platform remains available and reliable at all times.

- Security without borders: We extend our high security standards across our entire ecosystem, from our internal group entities to our critical third-party providers, ensuring there are no weak links in the service provision chain.

- A culture of security: Every person at Satispay, from leadership to every team member, is trained and empowered to play an active role in protecting our platform and our stakeholders.

- Committed to the highest standards: We hold ourselves to the benchmark of ISO/IEC 27001 certification, and continuously improve our ISMS to ensure our defences evolve alongside the threat landscape.