Trust Center

How Atestaria earns the right to be trusted

Security, privacy, compliance, and the live cryptographic state of our audit log — in one place. Every number on this page is sourced; click through to verify it yourself.

What you can verify here

Security overview

Read our security practices, encryption, key management, and incident response.

Privacy & DSAR

System status

Real-time per-region uptime and 90-day history at /status (JSON dashboard at /trust/status).

Vulnerability disclosure

Coordinated disclosure policy in security.txt. Bug bounty at /trust/bounty.

Sub-processors

See the full list below. We notify customers in advance of any change.

DPA & contracts

Download our Data Processing Agreement template.

Security questionnaires

Pre-filled SIG Lite and CAIQ available for download.

Smart contract audit

$SEAL token audit report at /trust/audit-report (engagement scheduled).

Live trust metrics

Updated every 60 s from the production database. Full JSON at /trust/stats.json.

Anchors

0 committed · 0 in last 24h

Content registered

0 verifications in 24h · 0 in 30d

Bitcoin OTS

of 0 attestations · 0.0% anchored

SLA (30d)

99.1786%

487 requests · 4 failed

DIDs registered

identities in the public registry

Credentials issued

0 certified AI provenance

Global reach

countries with active partners

OpenTimestamps calendars

independent calendars in the anchoring set

Governance activity

Off-chain mirror of staked $SEAL and weighted proposal tallies. On-chain SealToken.stakedBalance remains authoritative for finalisation.

Voter? Link your wallet. Connect your EVM wallet to a voter DID so your staked $SEAL counts toward weighted votes — open the self-serve wallet-linking page. No API key required; the page walks you through challenge → wallet sign → submit using MetaMask or any EIP-1193 provider.

Compliance status

Framework	Status	Target / notes
SOC 2 Type I	completed	Achieved Q3 2026
SOC 2 Type II	in progress	Q1 2027 (observation period active)
ISO 27001	in progress	Q4 2026 (Stage 2 audit scheduled)
ISO 27701 (Privacy)	planned	Q2 2027
GDPR	compliant
LGPD	compliant
CCPA	compliant
PIPEDA	compliant
eIDAS QTSP	in progress	Q4 2026 — application filed with EU Conformity Assessment Body (PT/ES)
PCI DSS	via stripe	Payments handled exclusively by Stripe

Sub-processors

Provider	Purpose	Region	Reference
Replit	Hosting & infrastructure	US/EU	link
Stripe	Payment processing	Global	link
OpenAI	AI content analysis	US	link
Didit	Identity verification	EU	link
Replit Mail	Transactional email	US	link

Audit chain — current head

Every sensitive event we record is hash-chained. Below is the SHA-256 head of the live chain. Anyone can verify integrity at any time.

GENESIS

Signed head (JSON) Verify chain

Contact

Security: [email protected] · Privacy: [email protected] · Legal: [email protected]

Last updated 2026-05-03.

How we decided this layout: design rationale & sources.