Trust center

Compliance & Security

An overview of the controls, audits and policies that govern how FortiVaultX operates.

Frameworks & audits

  • SOC 2 Type II — annual, independent audit. Latest report available under NDA.
  • ISO 27001 — information security management; certification in progress.
  • Annual penetration testing by a tier-one offensive-security firm.
  • Continuous bug-bounty program with bounties up to $250,000.

Custody controls

  • 95% of client assets in deep cold storage, geographically distributed.
  • Threshold-signed MPC keys (M-of-N) for hot-wallet operations.
  • Hardware security modules (HSMs) for all signing operations.
  • Daily independent reconciliation of on-chain holdings against client ledgers.

Operational controls

  • Zero-trust network architecture; no implicit internal trust.
  • Hardware-key MFA enforced for all staff with production access.
  • Just-in-time access; every privileged action recorded in an immutable audit log.
  • 24/7 risk operations and detection-and-response coverage.

Insurance

Custodial assets are protected by a layered insurance program underwritten by Lloyd's of London syndicates and supplementary specialty carriers, covering external theft, internal collusion and key compromise within the cold-storage perimeter.