for Capable Agents AB

Last updated: 19th of November 2025

1. Purpose

The purpose of this Information Security Policy is to define how Capable Agents AB (“Capable”, “we”) protects the confidentiality, integrity and availability of information processed in connection with our services (“the Services”).

The policy applies to:

• all information and systems used to provide the Services;
• all employees, founders and contractors with access to Capable systems or data;
• both Customer Data and Capable’s own internal information.

This policy is supported by more detailed documents under Security and compliance and Terms, privacy, and DPA.

2. Objectives and principles

Our information security objectives are to:

• protect Customer Data and Customer Personal Data from unauthorised access, disclosure, alteration and destruction;
• maintain appropriate availability and resilience of our Services;
• comply with applicable legal and contractual requirements, including GDPR;
• integrate security into our product development and operations from an early stage.

We follow principles such as:

• least privilege and need-to-know access;
• defence in depth;