Security & Trust Center
Last Updated: June 8, 2026
Our Security Promise: We do not store your AI decision data. We process SHA-256 hashes in ephemeral memory (<200ms) and persist only Ed25519 signatures and certificate metadata. A full database breach yields nothing but irreversible cryptographic strings.
🔐 Cryptographic Architecture
🔏 Ed25519 Signatures
- Standard: RFC 8032
- Key size: 32 bytes (public), 64 bytes (private)
- Signature size: 64 bytes
- 100x faster than RSA
- NIST-approved (FIPS 186-5)
🧮 SHA-256 Hashing
- Standard: FIPS 180-4
- Output: 32 bytes (256 bits)
- Collision resistant
- One-way function — irreversible
- Used by Bitcoin, TLS, Git
🕵️ Zero-Knowledge Processing
- Ephemeral RAM only (<200ms)
- No disk write of original data
- No database logging of payloads
- Memory zeroed after processing
- Breach yields only cryptographic strings
📡 Offline Verification
- OpenSSL standard tooling
- No Versyn dependency
- Verify on any machine
- Works without internet
- Forever verifiable
🏛️ Compliance Posture
🇪🇺 EU AI Act Active
- Article 12: Record-Keeping Ready
- Article 13: Transparency Aligned
- Non-repudiation by mathematics
- Audit trail tamper-evident
🏛️ DORA Active
- ICT Risk Management aligned
- Incident documentation
- Articles 17-23 compliance
- Digital resilience evidence
🔒 GDPR Active
- Article 5: Data Minimization
- Right to erasure: instant
- No PII storage
- Privacy by design
🇸🇦 SAMA AI Active
- AI Principles aligned
- Mathematical proof of integrity
- Transparency & explainability
🛡️ Security Controls Matrix
We document what we have. We do not claim what we do not have:
| Control | Standard | Status | Evidence |
|---|---|---|---|
| Data Encryption at Rest | AES-256-GCM | Active | HSM-backed (Cloudflare) |
| TLS in Transit | TLS 1.3 | Active | Cloudflare Edge |
| Key Management | Ed25519 (RFC 8032) | Active | HSM + Auto-rotation (90 days) |
| Zero-Knowledge Processing | Ephemeral RAM | Active | <200ms processing, no disk write |
| Access Control | RBAC + API Keys | Active | Scoped tokens, rotation |
| Audit Logging | Immutable Logs | Active | WORM storage, 7-year retention |
| DDoS Protection | Cloudflare | Active | Layer 3/4/7 protection |
| SOC 2 Type II | Trust Services | In Progress | Type I: Q3 2026; Type II: Q1 2027 |
| ISO 27001 | ISMS | In Progress | Target: Q4 2026 |
| Penetration Testing | OWASP / NIST | Planned | Annual, third-party |
🏗️ Infrastructure
🌐 Edge Deployment
- Cloudflare Pages (Static)
- Cloudflare Workers (API)
- 300+ edge locations
- Global latency <50ms
🔑 Key Management
- HSM-backed root keys
- Automatic rotation (90 days)
- Multi-region redundancy
- Key ceremony documented
🗄️ Data Storage
- Encrypted at rest (AES-256)
- TLS 1.3 in transit
- Only hashes + signatures stored
- No original decision data
🏠 Sovereign Node
- Full Docker image
- Air-gapped capable
- Zero external network
- Custom VPC support
🚨 Incident Response
⏱️ Monitoring
- 24/7 automated monitoring
- Anomaly detection
- Real-time alerting
- Status page: status.versyn.dev
📢 Notification
- Breach notification: 72 hours
- Customer alert: 24 hours
- Regulatory report: as required
- Contact: [email protected]
📬 Contact Security Team
For security inquiries or vulnerability reports:
- Email: [email protected]
- PGP Key: Available upon request
- Response time: <24 hours for critical issues