Security
Every claim below describes what ships today. We do not publish roadmap items as though they were shipped controls.
Every Digital Passport and Audit Bundle is signed with an Ed25519 private key held by the Sovereign Ledger API. The corresponding public key set is published as a standards- compliant JWKS document so third parties can verify any passport independently, without contacting us.
/.well-known/jwks.json — canonical JWKS. The kid on a passport signature matches the kid on the active JWKS entry. Key rotations propagate without a marketing-site redeploy.
All production data — tenant records, batch events, compliance gate outputs, and the signing key set — is stored in the United States on AWS, across multiple availability zones in a single region. No data replicates outside the United States. EU-resident counterparties who query a Digital Passport do so by hitting the US-hosted verify endpoint over TLS; no personal data crosses the border.
Batch state is derived from an append-only event log. Every compliance decision — RRC Form PR ingestion, severance clear, OFAC screen, zero-flare check — writes a new event. Events are never mutated and never deleted. A FLAGGED batch carries every prior event alongside the flag event, enforced by a database-level invariant rather than application convention, so a bypass of the repository layer still fails at commit time.
We do not currently chain events into a Merkle tree or a blockchain. The tamper-evidence guarantee today comes from the combination of append-only storage, the FLAGGED invariant, and the Ed25519 signature over each passport’s canonical payload. If we add hash-chaining later, this page will be updated to describe it.
Sovereign Ledger has begun the SOC 2 Type I readiness roadmap. This page will be updated when we reach “Type I in progress” with an auditor engaged, and again when a Type I report is attained. We will not claim a SOC 2 status we have not yet earned; a counterparty’s vendor intake process should treat the statement on this page as authoritative.
Security researchers and counterparties who identify a vulnerability should email security@getsovereignledger.com. We acknowledge reports within 72 hours and coordinate on a remediation and disclosure timeline with the reporter. Please do not file public GitHub issues for suspected vulnerabilities.