Incident Response Plan & Breach Notification Policy

1. Purpose

Treeova Technologies ("Treeova," "we," "us") maintains an incident response and breach notification program designed to:

• Protect the confidentiality, integrity, and availability of Treeova systems and customer data
• Reduce customer harm during security events
• Restore normal operations safely
• Communicate transparently with customers and stakeholders

This document includes:

• A high-level Incident Response Plan (IRP)
• A customer-facing Breach Notification Policy

2. Scope

This program applies to:

• Treeova's website, applications, infrastructure, and internal systems
• Third-party services used to operate the platform (hosting, monitoring, identity, analytics, etc.)
• Incidents involving unauthorized access, disruption, misuse, or suspected compromise
• Third-party broker or integration incidents that may affect customers using Treeova

Platform role clarification: Treeova is a SaaS provider and does not act as a broker-dealer or custodian. Trading is executed through third-party brokers selected by users.

3. Key Definitions

• Security incident: An event that may compromise confidentiality, integrity, or availability of systems or data.
• Breach: Confirmed unauthorized access to, acquisition of, or disclosure of sensitive data.
• Sensitive data: Data that could reasonably cause harm if exposed (e.g., credentials, tokens, personal data, security secrets).
• Safe Mode: A restricted operating state intended to reduce risk and prevent additional harm.

4. Incident Response Plan (IRP)

4.1 Incident Response Objectives

Treeova's incident response program is designed to:

• Contain threats quickly
• Preserve evidence for investigation
• Maintain customer ability to reduce risk during market exposure
• Communicate clearly and consistently
• Remediate root causes and prevent recurrence

4.2 Roles and Responsibilities (Internal)

Treeova assigns incident response responsibilities to designated personnel. Typical roles include:

• Incident Commander (IC): Owns coordination, decisions, timeline, and communications approval.
• Technical Lead: Leads investigation, containment, remediation, and recovery.
• Comms Lead: Drafts customer updates and coordinates support messaging.
• Support Lead: Handles inbound customer questions and escalations.
• Legal/Compliance Advisor (as applicable): Advises on notification obligations.

4.3 Severity Levels

Treeova classifies incidents to guide response:

• SEV1 (Critical): Active exploitation, confirmed breach, widespread impact, or high risk of customer harm.
• SEV2 (High): Suspected compromise, limited impact, or credible indicators of attack.
• SEV3 (Moderate/Low): Minor security event, no evidence of data exposure, limited operational impact.

4.4 Detection and Reporting

Incidents may be identified through:

• Automated monitoring/alerts
• Internal audits and anomaly detection
• Reports from customers, partners, brokers, or third parties

Users may report suspected security issues to: support@treeova.com.

4.5 Broker Connectivity and Credential Handling

Treeova does not store broker usernames/passwords. Broker connectivity and token handling are managed through third-party providers (for example, ConnectTrade). Depending on the integration, Treeova may store limited technical identifiers needed to route requests, but does not maintain custody of customer funds or securities.

4.6 Containment: Safe Mode for Trading Automation

If Treeova determines Safe Mode is necessary, Treeova may implement one or more of the following controls:

A) Disable new automated trading

• Disable new strategy activations
• Pause processing of new trading signals/webhooks
• Prevent new automated entries

B) Allow risk-reducing actions for existing exposure (via Treeova controls)

Treeova's goal is to avoid trapping customers in active market exposure. During Safe Mode, Treeova may allow customers to take risk-reducing actions for positions opened through Treeova, including:

• Closing positions
• Reducing position size
• Canceling open orders
• Adjusting protective exits (e.g., stop loss / take profit) where supported

C) Block risk-increasing actions

During Safe Mode, Treeova may restrict actions that increase exposure, including:

• Opening new positions
• Adding to positions
• Increasing leverage or risk settings

D) Freeze sensitive account changes

Treeova may temporarily restrict or require re-verification for:

• Password/email changes
• API key/token changes
• Broker connection changes
• Payout/creator settings (if applicable)

Note: Customers can always manage positions directly through their broker. Treeova may provide guidance on how to do so during an incident.

4.7 If a Broker or Integration Partner Notifies of a Breach

If Treeova receives notice that a third-party broker or integration partner has experienced a security incident, Treeova may take protective action even if Treeova's own systems are not breached.

Depending on the situation, Treeova may:

• Temporarily disable new access to that broker through Treeova (e.g., block new connections, disable new order placement)
• Place broker-specific Safe Mode restrictions on accounts connected to that broker
• Restrict or pause specific strategies or trades routed to that broker
• Provide customers with guidance on managing positions directly with the broker

Treeova will coordinate with the affected third party to understand scope, recommended actions, and restoration steps.

4.8 Investigation and Evidence Preservation

Treeova will preserve relevant logs, artifacts, and forensic data to support investigation and potential legal or regulatory review.

4.9 Eradication and Remediation

Treeova will work to:

• Identify root cause
• Patch vulnerabilities
• Remove malicious access
• Improve monitoring and controls

4.10 Recovery and Return to Normal Operations

Treeova will restore services in phases, which may include:

• Re-enabling features after validation
• Additional verification steps for users
• Post-incident monitoring period

4.11 Post-Incident Review

After a SEV1/SEV2 incident, Treeova will conduct a review to:

• Document timeline and impact
• Identify corrective actions
• Update policies, controls, and training

5. Breach Notification Policy (Customer-Facing)

5.1 When Treeova Notifies Customers

Treeova will notify affected customers when we confirm a breach involving their information, as required by applicable law and consistent with the needs of law enforcement or security investigations. Treeova may also provide broader notices (e.g., to all users) when:

• The scope is uncertain but potentially widespread, or
• Transparency is appropriate to protect users.

5.2 Timing of Notification

Treeova aims to provide notice without unreasonable delay after confirming a breach and determining the scope of affected information. In some cases, notification may be delayed if:

• Law enforcement requests a delay, or
• Immediate notice would increase risk to users or compromise the investigation.

Treeova may issue an initial notice with limited details, followed by updates as facts are confirmed.

5.3 What Treeova Includes in a Breach Notice

Where applicable, breach notifications may include:

• A general description of what happened
• The date range of the incident (if known)
• The types of information involved (if known)
• Steps Treeova has taken to contain the incident (e.g., Safe Mode, key rotation)
• Steps customers can take to protect themselves
• How to contact Treeova for support

5.4 Customer Guidance During an Incident

Depending on the incident, Treeova may recommend customers:

• Reset their Treeova password
• Enable/refresh multi-factor authentication (if available)
• Review broker account activity and open orders
• Contact their broker if they see unauthorized activity

5.5 Communication Channels

Treeova may communicate incident updates through:

• Email to the address associated with the user account
• In-app notifications
• Website notices or a status page (if available)

6. Third-Party Providers and Broker Platforms

Treeova relies on third-party providers for certain services. If an incident originates with a third party, Treeova will:

• Work with the provider to understand scope and remediation
• Notify users as appropriate based on confirmed impact

Because trading is executed through third-party brokers, those brokers may have separate notification obligations for events affecting brokerage accounts.

7. Policy Updates

Treeova may update this document from time to time. Updates will be posted with a revised "Last updated" date.

8. Contact

Questions or security reports may be directed to:

Treeova Technologies
Email: support@treeova.com