Skip to main content

Security & Responsible Disclosure Policy

The Tree Capital takes the security of its platform and its customers' data extremely seriously.

Reporting a Security Issue

If you believe you have found a security vulnerability in our systems, we encourage you to report it to us responsibly.

  • Email: security@thetreecapital.com
  • Please include a clear description of the issue, steps to reproduce it, and any supporting evidence.
  • Do not attempt to access, modify, or delete data that does not belong to you.

What We Commit To

  • We will acknowledge your report within 5 business days.
  • We will investigate the issue and provide an update within 15 business days.
  • We will not pursue legal action against researchers who act in good faith.
  • We will credit you (if desired) when the vulnerability is resolved.

Data Breach Notification

In the event of a personal data breach, The Tree Capital will:

  • Notify affected individuals and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where required by UK GDPR.
  • Notify HMRC by logging a support ticket within 72 hours where HMRC customer data is involved.

Security Contacts

Security disclosures: security@thetreecapital.com

General enquiries: info@thetreecapital.com

A machine-readable version of this policy is available at /.well-known/security.txt

Last reviewed: April 2026