
© 2022 Mangosteen BCC Pte Ltd. All Rights Reserved.


What are your certified practices?

Bambu has established information security policies and procedures that are SOC 2 certified. Policies and procedures are reviewed regularly to assess the effectiveness of our controls. Should you require an audit report, you can obtain one upon request under a non-disclosure agreement.

Does Bambu have built-in security?

Security is embedded in all stages of the software development lifecycle (SDLC) at Bambu, from requirements to deployment, monitoring, and incident management.

Does my company have audit rights?

Bambu always ensures our customers and regulators can execute their supervisory functions and have effective audit rights to Bambu’s business premises and processes.

What is the system/practice for user access control and data isolation?

Our Bambu BUILD customers will have a dedicated environment that provides greater control over the domain and increases the isolation required by financial regulators.

How does Bambu navigate database security?

We apply the principles of least privilege and need-to-know, along with relevant access control processes, data protection mechanisms, and regular awareness training, to reduce the chances of data loss or leakage caused by internal or external threats.

What are Bambu's policies and practices on the storage and protection of customer data?

Any processes or procedures implemented regarding data privacy within Bambu are in line with Singapore’s Personal Data Protection Act (PDPA).

I have been contacted by someone who claims to be from Bambu. How do I know if the person is actually from Bambu?

If you receive an email from someone claiming to be an employee at Bambu but you are not sure of their legitimacy, please contact the team via our website at or email us at with details of the liaison. We will be able to verify the authenticity of the communication.

What security practices do you follow?

Our control measures revolve around the NIST cybersecurity framework, which focuses on five main factors: identify, protect, detect, respond, and recover.

We continuously ensure that our platform complies with industry standards for cyber security, such as ISO/IEC 27001.

Our platform can offer authentication via LDAP and a two-step verification process, such as OTP. We integrate with the two-factor authentication (2FA) provider of the client’s choice. On top of that, our platform supports the OAuth 2.0, OpenID, and SAML protocols for SSO.
