Security posture.
Where we are on encryption, key handling, redundancy, and the compliance work in flight. Plus how to report a vulnerability.
Responsible disclosure
Found something? Tell us first. We respond within 48 hours.
- security@txshield.dev
- PGP key
- /.well-known/security.txt
- Severity: Mark [CRITICAL] in subject for anything that exposes customer data, lets a third party act as a customer, or breaks the simulate→verdict integrity.
- Bounty: Negotiated case-by-case. We don't run a points-based program, but we pay for real findings.
Please do not use customer data, run automated scanners against production, or test on accounts that aren't yours. Use a free-tier sandbox key for everything.
What we do today
Encryption
API keys hashed with HMAC-SHA256 at rest. All traffic TLS 1.2+ (TLS 1.3 preferred). Webhook payloads signed HMAC-SHA256 with per-endpoint secret.
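An added example, not TxShield's own code: how a receiver can check an HMAC-SHA256 webhook signature against a per-endpoint secret. The endpoint ids, secrets, payload fields and hex encoding of the signature are assumptions, since the page does not specify the wire format.

```python
import hashlib
import hmac
import json

# Constructed per-endpoint secrets (assumption: one secret per webhook endpoint id).
ENDPOINT_SECRETS = {
    "ep_orders": b"constructed-secret-A",
    "ep_alerts": b"constructed-secret-B",
}


def sign(secret: bytes, raw_body: bytes) -> str:
    """Sender side: HMAC-SHA256 over the exact bytes sent, hex-encoded (assumed)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify(endpoint_id: str, raw_body: bytes, signature_hex: str) -> bool:
    """Receiver side: recompute with this endpoint's secret, compare in constant time."""
    secret = ENDPOINT_SECRETS.get(endpoint_id)
    if secret is None:
        return False
    try:
        received = bytes.fromhex(signature_hex)
    except ValueError:
        return False  # malformed signature: reject instead of raising
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, received)


def demo() -> dict:
    # Constructed payload; field names are illustrative only.
    body = b'{"sim_id": "sim_constructed_1", "verdict":"allow"}'
    sig = sign(ENDPOINT_SECRETS["ep_orders"], body)
    # Parsing and re-serializing changes whitespace, so the MAC no longer matches.
    reserialized = json.dumps(json.loads(body)).encode()
    return {
        "valid": verify("ep_orders", body, sig),
        "tampered": verify("ep_orders", body.replace(b"allow", b"block"), sig),
        "wrong_endpoint": verify("ep_alerts", body, sig),
        "reserialized": verify("ep_orders", reserialized, sig),
        "malformed": verify("ep_orders", body, "not-hex"),
    }


if __name__ == "__main__":
    print(demo())
```

Verify over the raw request bytes before any JSON parsing; the `reserialized` case shows why a signature computed on the wire bytes fails against a re-encoded body.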
Key rotation
You rotate API keys from the dashboard at any time. Internal infra secrets rotate on a 15-minute cadence via the secrets API; full rotation drill verified weekly.
Isolation
Customer data is single-tenant on PostgreSQL — no cross-tenant joins are possible at the schema level. Per-tenant blacklists and rules are enforced at query time.
Logs & audit
Per-API-call audit log retained 90 days for all customers, 365 days on Enterprise. sim_id is the stable join key — quote it on any support request.
Redundancy
Active-active across NL-AMS and DE-FRA. Postgres streaming replication, Redis fail-over, RPO < 60s. RTO < 5 min for any single-region failure.
Backups
Encrypted off-site backups taken hourly, retention 14 days / 8 weeks / 6 months. Restore drill verified monthly with a clean cold-start test.
Compliance roadmap
- SOC 2 Type II — evidence-pack-ready today, audit kicks off Q3 2026.
- ISO 27001 — gap assessment complete, certification targeted Q4 2026.
- GDPR (EU) — DPA available on request. We are the data processor; the customer is the controller for any wallet/tx data their users submit.
- BSI IT-Grundschutz — internal mapping in progress (German market).
If you need an evidence pack today (questionnaire, architecture diagram, sub-processor list), email security@txshield.dev from a corporate domain.
Sub-processors
- LeaseWeb (NL-AMS) — primary compute
- Hetzner (DE-FRA) — secondary compute
- Helius — Solana RPC enrichment (no customer PII transmitted)
- Stripe — billing
- Resend — transactional email
Penetration tests. Annual external pentest by an independent firm. Latest report (2026-Q1) available under NDA on request.