Security & Responsible Disclosure

Reference information for procurement, compliance and responsible-disclosure review.

This page summarises how GP Capital handles platform access and confidential information at a high level, and provides the contact path for reporting potential security issues. It is informational and may evolve over time. The Services described here are operated by GP CAP Pty Ltd (ACN 665 155 608 · ABN 90 665 155 608).

Security contact & responsible disclosure

Security concerns and responsible-disclosure reports can be sent to info@gp-cap.com.

The machine-readable contact record is published at /.well-known/security.txt per RFC 9116.

We ask that reporters provide enough technical detail to reproduce the issue and refrain from accessing, modifying, or disclosing information that does not belong to them. We do not currently operate a paid bug-bounty programme.

Platform access model

Access to the GP Capital deal-room platform is invitation-only and permissioned. Counterparty access is granted on a per-deal basis according to role and explicit assignment, not by counterparty type alone.

External access is controlled by the GP Capital internal team.
Document visibility is governed by role and per-document permissions.
Access may be restricted, time-limited, or revoked by the internal team.
Internal accounts use multi-factor authentication; passkey sign-in is supported.

Confidentiality & information handling

Materials shared via GP Capital deal rooms are confidential and intended only for the recipient. Counterparties are granted access according to their role and the relevant mandate; access does not constitute an offer of securities.

NDA acceptance is required before counterparties can view deal materials.
Where applicable, documents may be subject to preview-only controls, download controls, or watermarking — applied per-document at the discretion of the internal team.
Document access events are logged for audit purposes.
External redistribution requires GP Capital's prior written consent.

We do not claim that every document is watermarked or download-restricted by default. Controls are applied where the underlying counterparty or transaction requires them.

Reporting & review

For broader review of how we operate the platform, the following public references apply:

Privacy Policy — how personal information is collected, used, and retained.
Terms of Service — terms governing use of the public website.
Platform Terms — terms applicable to authenticated portal use.
Disclosures — eligibility, jurisdictional restrictions, and conflicts.
/.well-known/security.txt — machine-readable security contact record.

Operational status

Aggregate, anonymised operational signals (e.g. recent system health) appear in the site footer when available. They are summary indicators and not a substitute for direct enquiry on a specific transaction.

For a fuller procurement / diligence overview — hosting, data retention, backup, incident response, and DPA — see the Trust Center.

This page is provided for informational purposes only and does not form part of any contract. It is intended for wholesale / sophisticated counterparties. Nothing on this page constitutes an offer of securities or a representation regarding any specific transaction.

Last updated: 12 May 2026.