Skip to content
Agile PlataformasAgile Plataformas
Trust

The evidence behind the platform contract

A consolidated view of our certifications, jurisdictional coverage, security controls and audit cadence — the same dossier we hand to a regulator on day one.

Certifications & assurance

  • ISO 27001

    Aligned · third-party audit annual

    Information-security management system aligned to ISO 27001:2022 controls, audited by an independent assurance partner each year.

  • PCI-DSS v4

    In-scope on payment perimeter

    PCI-DSS v4 controls applied on the payment-orchestration perimeter, with quarterly external scans and a yearly attestation cycle.

  • GLI / BMM / iTech Labs

    Independent certification per integration

    Each game-provider and aggregator integration is certified by an independent GLI-, BMM- or iTech-tier laboratory before it leaves the sandbox.

  • GDPR / LGPD

    Operator-side DPA available on request

    Standard Contractual Clauses, processor agreements, sub-processor register and operator-facing DPIA support, available under NDA.

Jurisdictions covered

Active platform or supplier licences in eight jurisdictions, with two more in supervisor review. See the full licensing matrix for status, since-date and license type per regulator.

See the licensing matrix
  • Portugal
  • Malta
  • United Kingdom
  • Brazil
  • Curaçao
  • Italy
  • Spain
  • Sweden

Security posture

  • Quarterly third-party penetration tests, scoped against the OWASP top-10 plus regulator-specific addenda.
  • Encryption at rest (AES-256) and in transit (TLS 1.3 minimum) across all platform components.
  • Principle-of-least-privilege access with a zero-shared-account policy and time-bounded break-glass.
  • Centralised audit log with 7-year retention in the evidence vault.
  • Vulnerability disclosure programme with a published security.txt — coordinated disclosure window of 90 days.

Audit cadence

Quarterly
External penetration test + internal control review on a rolling scope.
Bi-annual
Regulator-facing evidence pack refresh per active jurisdiction.
Annual
ISO 27001 third-party assurance + PCI-DSS attestation cycle.
Ad-hoc
Operator-driven audits and regulator walk-throughs, scoped on request.

Need our trust pack?

We share the latest attestation pack under NDA on request — typically within five business days.

Request the trust pack

Ready to operate on auditable rails?

Talk to the platform team, we scope, certify and ship within a single quarter.

Request a demoSee licensing