// trust center
Trust
Security posture, compliance status, audit log, and links to every legal artifact we publish.
Security posture
SOC 2
In progress · Q3 2026
Type I audit started May 2026. Type II Q1 2027.
PENTEST
Scheduled
First external pentest Aug 2026 (Trail of Bits). Public-redacted report.
ENCRYPTION
Active
TLS 1.3 in transit, AES-256 at rest. KMS-backed secrets.
SDLC
Active
Required review, signed commits, branch protection, secret + dep scanning.
Compliance matrix
| framework | scope | status | artifact |
|---|---|---|---|
| GDPR | EU users / EU PII | Compliant | Privacy notice |
| CCPA | California users | Compliant | Privacy notice §8 |
| SOC 2 Type I | Service org controls | Audit underway | Q3 2026 |
| SOC 2 Type II | Operating effectiveness | Planned | Q1 2027 |
| ISO 27001 | InfoSec mgmt | Backlog | 2027 |
| PCI-DSS | Card data | Out of scope | Stripe-hosted |
Audit log
Every score change, appeal, review, and reversal is recorded in our immutable audit log. Customers can export their slice via GET /v1/audit-log.
{
"event_id": "evt_01HX...",
"event_type": "flagged",
"address": "0xa12b...c4d7",
"actor": "system:model:rule_based",
"prior_score": null,
"new_score": 87,
"reason": "sybil",
"timestamp": "2026-05-21T08:14:22.118Z"
}