Trust, operationalized.
Trust isn't a slogan — it's a set of controls you can audit. This is Creta's current operating posture, without embellishment.
What's already in production.
Data residency
Data hosted in Tier-3+ facilities (LATAM / EU regions) via our infrastructure partners.
Encryption
TLS 1.3 in transit. AES-256 at rest. Key management via dedicated KMS.
Access control
Role-based access, MFA enforced, quarterly access reviews.
Audit trail
Immutable logging for trade, admin and compliance events. Retention ≥ 5 years.
Where we stand, honestly.
- SOC 2 Type IIIn preparationTargeted Q4 2026.
- ISO 27001RoadmapOn roadmap for 2027.
- Pen-testingSemi-annualThird-party pen-test cadence: semi-annual.
- Vulnerability managementContinuousContinuous scanning, SLA for critical fixes ≤ 72h.
- Fraktal Wealth Management GroupParent groupCompliance posture informed by our parent group's institutional framework.
Four steps. No ambiguity.
- I
Detect
Automated alerting + 24/7 monitoring over security and trading events.
- II
Triage
Severity classification, owner assigned within minutes, war-room if needed.
- III
Contain
Key rotation, isolation of affected systems, credential revocation.
- IV
Notify the client
Notification within 24h for material incidents, with timeline and remediation plan.
List of sub-processors available on request under NDA.
MiFID II-aware processes, GDPR-aligned data handling, local regulator templates maintained by our affiliated counsel network.
This page reflects current operating posture. Creta delivers services via affiliated companies; certification status tracks the relevant operating entity.
Request our trust pack.
Build what's next, with Creta.
Tell us where you want to go. A partner reaches out within 24 hours with a diagnostic and a path.
By submitting you agree to receive communications from Creta. We respect your inbox.