EBO has a GDPR-aligned Data Protection Policy covering data minimisation, encryption, pseudonymisation, and DPIAs for high-risk processing. All personal and sensitive data is encrypted at rest (AES-256) and in transit (TLS 1.2+), with multi-factor authentication and audit logging enforced across the platform.