What is Oniks Capital?

Oniks Capital is a platform that connects Ukrainian startups with European investors, facilitating funding opportunities and business growth in Ukraine's tech ecosystem.

How can Ukrainian startups get funding through Oniks Capital?

Ukrainian startups can register on our platform, create detailed profiles, and connect with verified European investors who are interested in funding Ukrainian tech companies.

What types of investors use Oniks Capital?

We work with angel investors, venture capital firms, and other funding partners from across Europe who are specifically interested in Ukrainian startup opportunities.

Get Started

Security

Security at Oniks Capital

A factual overview of the technical and organisational measures protecting your data. We describe only what is implemented today, and separate it clearly from what we are working towards.

1. Infrastructure Security

Hosting: Vercel (SOC 2 Type II certified) for the web application and serverless functions.
Database, Auth & Storage: Supabase, hosted in the EU (region eu-central-2, Frankfurt) on AWS infrastructure.
CDN & network security: Cloudflare for content delivery and DDoS protection.
Transport: HTTPS is enforced across the platform.

2. Data Security

Encryption at rest: AES-256 (managed by Supabase / AWS).
Encryption in transit: TLS 1.2+.
Row Level Security (RLS): enforced on every table in our application database, so users can only reach data they are entitled to. Privileged server operations use a separate key that is never exposed to the browser.
PII minimisation in logs: error-monitoring payloads are scrubbed of personal data before they leave the application.

3. Access Controls

Role-based access: accounts are scoped to roles (founder, investor, admin), enforced at the database layer.
Multi-factor authentication (MFA): available to accounts via Supabase Auth.
Least privilege: administrative capabilities are restricted to admin accounts.

4. Operational Security

Backups: automated database backups managed by Supabase.
Monitoring: application errors and performance are monitored via Sentry.
Audit logging: sensitive actions (including data exports and account deletions) are recorded in an append-only audit log.

5. What We're Working Towards

We are transparent about what is planned but not yet in place:

SOC 2 alignment

Formalising controls toward certification.

Penetration testing

Independent third-party testing.

Dependency scanning & bug bounty

Automated vulnerability scanning and a coordinated disclosure programme.

6. Report a Vulnerability

If you believe you have found a security vulnerability, please email info@onikscapital.com with the subject line "Security". Please give us a reasonable opportunity to investigate and remediate before any public disclosure. We will acknowledge your report and keep you informed of our progress.

Loading…