// public sandbox · real alchemy ingestion · model v0.5.0-gov-expanded · status
SYBILSHIELD

// trust center

Trust

Honest current state. We'd rather under-promise here than over-claim compliance posture we haven't actually shipped yet.

Current security state

Security posture

SOC 2

Not started

Planned after incorporation and first production customer data handling.

Pentest

Not scheduled yet

Planned before production launch. No vendor selected.

Encryption

Active

TLS 1.3 in transit, AES-256 at rest (Postgres + filesystem). Secrets in env, not source.

SDLC

Active

Public repo + signed commits + CI test gates. Secret scanning via GitGuardian on push.

Compliance matrix

frameworkscopestatusartifact
GDPREU users / EU PIICompliantPrivacy notice
CCPACalifornia usersCompliantPrivacy notice §8
SOC 2 Type IService org controlsNot startedPlanned after incorporation
SOC 2 Type IIOperating effectivenessPlannedAfter SOC 2 Type I
ISO 27001InfoSec mgmtBacklog2027+
PCI-DSSCard dataOut of scopeNo payments — free public good

Audit log

Every flagged score, every appeal, every reversal is written append-only toevidence_audit_log. Customers can export their slice via GET /v1/audit-log?analysis_id={id}.

{
  "event_id": "evt_01HX...",
  "event_type": "flagged",
  "address": "0xa12b...c4d7",
  "actor": "system:v0.5.0-gov-expanded",
  "prior_score": null,
  "new_score": 87,
  "reason": "sybil",
  "timestamp": "2026-05-25T08:14:22.118Z"
}

Quick links