💡Compliance & Security

  • Vendors: Sumsub / Jumio / Persona (active‑active redundancy; regional cost/coverage optimization).

  • Data protection: TLS 1.3 in transit; AES‑256 at rest; KMS key rotation; least‑privilege RBAC/ABAC; full admin audit trails.

  • Residency & erasure: EU/US split deployments; GDPR erasure (soft‑delete → async hard‑delete → irreversible redacted audit summary).

  • Smart contracts: multisig upgrades, open audits, formal tools/fuzzing, third‑party re‑reviews.

  • Org security: SOC 2/ISO track, pen‑tests, bug bounty, zero‑trust network; RPO ≤ 15 min / RTO ≤ 1 hr.

  • Open interfaces: KYC level attestation (no PII backflow), webhooks (review/settlement), exports (CSV/JSON/Parquet).
