Transaction Security, Risk Management and Cybersecurity Policy

Last updated: January 2026

ARTICLE 1 - OBJECT, SCOPE AND STRATEGIC CHALLENGES

1.1 General context

In the context of its digital financial services activities, Rollo Technologies LLC ('Rollo') places the security of transactions, risk management, and cybersecurity at the heart of its strategic priorities.

This Transaction Security, Risk Management, and Cybersecurity Policy (hereinafter the 'Policy') defines the principles, organizational framework, and operational measures implemented by Rollo to protect the interests of its Users, partners, and stakeholders.

1.2 Scope

This Policy applies to:

  • all financial transactions processed by Rollo;
  • all technical infrastructures and information systems;
  • all Users, employees, and partners of Rollo;
  • all services offered, including international payments and Mobile Money transfers.

ARTICLE 2 - DEFINITIONS

Transaction security: all measures ensuring the integrity, confidentiality, and availability of financial transactions.

Cybersecurity: protection of computer systems, networks, and data against digital attacks.

Risk management: systematic process of identifying, assessing, and mitigating operational and financial risks.

Authentication: process of verifying the identity of a User before granting access to Services.

Encryption: transformation of data into a coded form to prevent unauthorized access.

ARTICLE 3 - SECURITY GOVERNANCE

Rollo has established a security governance framework integrated into its overall organizational structure.

Security responsibilities are assigned at the highest level of management, with dedicated teams for implementation and monitoring of security measures.

ARTICLE 4 - RISK-BASED APPROACH

Rollo applies a risk-based approach to security, continuously assessing threats and vulnerabilities to allocate resources effectively.

Risk assessments are conducted regularly and after any significant changes to systems or services.

ARTICLE 5 - SECURITY STANDARDS AND FRAMEWORKS

Rollo aligns its security practices with internationally recognized standards, including:

  • ISO 27001 Information Security Management;
  • PCI DSS for payment card data security;
  • NIST Cybersecurity Framework;
  • industry best practices for fintech security.

ARTICLE 6 - TRANSACTION LIFECYCLE SECURITY

Rollo implements security measures throughout the transaction lifecycle:

  • secure initiation and authentication;
  • encrypted data transmission;
  • real-time fraud detection;
  • secure processing and settlement;
  • comprehensive audit trails.

ARTICLE 7 - USER AUTHENTICATION

7.1 Authentication Methods

Rollo implements multi-factor authentication (MFA) to verify User identity, combining:

  • something you know (password, PIN);
  • something you have (mobile device, token);
  • something you are (biometric verification).

7.2 Session Management

User sessions are managed securely with automatic timeouts, session invalidation on logout, and protection against session hijacking.

ARTICLE 8 - ACCOUNT SECURITY

Rollo implements comprehensive account security measures including:

  • strong password requirements;
  • account lockout after failed attempts;
  • suspicious activity alerts;
  • secure account recovery procedures.

ARTICLE 9 - FRAUD DETECTION AND PREVENTION

Rollo deploys advanced fraud detection systems that analyze transactions in real time to identify suspicious patterns.

Detection mechanisms include machine learning algorithms, behavioral analysis, and rule-based monitoring.

Suspicious transactions may be delayed, blocked, or flagged for manual review.

ARTICLE 10 - TRANSACTION MONITORING

All transactions are subject to continuous monitoring to detect anomalies, unusual patterns, or potential security threats.

Monitoring systems operate 24/7 with automated alerts for immediate response to security events.

ARTICLE 11 - DATA ENCRYPTION

11.1 Encryption in Transit

All data transmitted between Users and Rollo systems is encrypted using TLS 1.3 or higher.

11.2 Encryption at Rest

Sensitive data stored in Rollo systems is encrypted using industry-standard encryption algorithms (AES-256).

ARTICLE 12 - INFRASTRUCTURE SECURITY

Rollo's technical infrastructure is protected by multiple layers of security including:

  • firewalls and intrusion detection systems;
  • network segmentation;
  • DDoS protection;
  • secure cloud infrastructure;
  • regular vulnerability assessments.

ARTICLE 13 - APPLICATION SECURITY

Rollo follows secure development practices including:

  • secure coding standards;
  • regular code reviews;
  • automated security testing;
  • penetration testing;
  • secure deployment procedures.

ARTICLE 14 - ACCESS MANAGEMENT

Access to systems and data is strictly controlled based on the principle of least privilege.

Access rights are reviewed regularly and revoked promptly when no longer needed.

All access activities are logged for audit purposes.

ARTICLE 15 - LOGGING AND MONITORING

Comprehensive logging is implemented across all systems to enable security monitoring, incident investigation, and compliance auditing.

Logs are retained securely for the duration required by applicable regulations.

ARTICLE 16 - INCIDENT MANAGEMENT

16.1 Incident Detection

Rollo maintains capabilities for rapid detection of security incidents through automated monitoring, threat intelligence, and User reports.

16.2 Incident Response

A documented incident response plan ensures prompt and effective response to security incidents, including containment, investigation, and recovery procedures.

ARTICLE 17 - DATA BREACH MANAGEMENT

In the event of a data breach, Rollo follows established procedures to:

  • contain and limit the breach;
  • assess the scope and impact;
  • notify affected parties and authorities as required;
  • implement remediation measures;
  • conduct post-incident review.

ARTICLE 18 - BUSINESS CONTINUITY

Rollo maintains business continuity plans to ensure service availability in the event of disruptions.

Plans include regular backups, redundant systems, and disaster recovery procedures.

Business continuity plans are tested and updated regularly.

ARTICLE 19 - VENDOR AND THIRD-PARTY SECURITY

Third-party vendors and partners are subject to security assessments before engagement and ongoing monitoring.

Contractual agreements include security requirements and data protection obligations.

ARTICLE 20 - SECURITY AUDITS

Rollo conducts regular security audits, including:

  • internal security assessments;
  • external penetration testing;
  • compliance audits;
  • vulnerability scans.

Audit findings are addressed through prioritized remediation plans.

ARTICLE 21 - USER RESPONSIBILITIES

Users play a critical role in security and are expected to:

  • use strong, unique passwords;
  • enable multi-factor authentication;
  • keep devices and software updated;
  • avoid sharing account credentials;
  • report suspicious activities promptly.

ARTICLE 22 - EMPLOYEE SECURITY

All Rollo employees receive security awareness training and are subject to:

  • background checks;
  • confidentiality agreements;
  • regular security training;
  • clear security policies and procedures.

ARTICLE 23 - PHYSICAL SECURITY

Physical access to Rollo facilities and data centers is controlled through security measures including access controls, surveillance, and visitor management.

ARTICLE 24 - LIMITATION OF LIABILITY

While Rollo implements comprehensive security measures, no system can guarantee absolute security. Rollo's liability for security incidents is subject to the limitations set forth in the Terms of Use.

ARTICLE 25 - POLICY UPDATES

This Policy may be updated periodically to reflect changes in security practices, technologies, and regulatory requirements.

The current version is always available on www.rollo.money.

ARTICLE 26 - CONTACT

For security-related questions or to report security concerns, please contact us at contact@rollo.money.

ARTICLE 27 - EFFECTIVE DATE

This Transaction Security, Risk Management, and Cybersecurity Policy is effective from its publication date and remains applicable as long as Rollo services are offered.

Rollo Technologies LLC. All rights reserved.