Security & Compliance Language

Standard Clauses & Technical Safeguards

1. Security Overview

Truthlocks operates a high-integrity attestation platform that provides non-repudiable evidence for digital transactions. Unlike distributed ledger technologies (DLT), Truthlocks uses a centralized, transparent log architecture in which every record carries mandatory cryptographic signatures from both the Issuer and the Platform.

2. Cryptographic Controls

  • Algorithms: Ed25519 for digital signatures; SHA-256 for integrity hashing.
  • Key Storage: Platform keys are stored in FIPS 140-2 Level 3 Hardware Security Modules (HSMs).
  • Issuer Responsibility: Issuers maintain control over their private signing keys via our SDK or managed HSM integration.

3. Data Isolation (RLS)

Truthlocks uses PostgreSQL Row-Level Security (RLS) as the primary mechanism for tenant isolation.

"The platform enforces strict logical separation at the database layer. Every query is scoped to a specific tenant_id, ensuring that no cross-tenant data access is possible even in the event of partial application-layer compromise."

4. Transparency & Auditability

  • Signed Checkpoints: The platform publishes periodic signed hashes of its internal audit log.
  • Audit Trails: Detailed logs of all API access, key modifications, and user invitations are maintained for a minimum of 7 years or as per customer agreement.

5. Privacy & Data Lifecycle

Truthlocks follows the "Data Minimization" pattern:

  • Private Payloads: Payloads are never visible to the public transparency log.
  • Right to Erasure: Truthlocks supports granular deletion of attestation records while preserving the integrity of the audit log hashes.
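To make the controls in sections 2, 4 and 5 concrete, the following is an added example in Go. It is not Truthlocks code: this page does not describe the platform's record format, signing inputs, log structure or key handling, so every type, field, domain-separation label and encoding below is an assumption chosen for the example. It shows the dual-signature model (an issuer key signs each record and a platform key counter-signs it), a public log that stores only a salted SHA-256 commitment rather than the payload, a platform-signed checkpoint over the hash-chained log, and an erasure that deletes the private salt and payload while the log and its checkpoint remain verifiable. Keys are generated in memory as stand-ins for the SDK-held issuer key and the HSM-held platform key; the two payloads are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record is what reaches the transparency log: a salted SHA-256 commitment to the payload (never
// the payload) plus both mandatory signatures. Field names, encodings and labels are example assumptions.
type Record struct {
	ID          string
	Commitment  [32]byte // SHA-256(salt || payload); salt and payload stay off-log
	IssuerSig   []byte   // issuer signs recordDigest
	PlatformSig []byte   // platform signs SHA-256(recordDigest || IssuerSig)
}

type Log []Record // append-only hash chain; its head is what a signed checkpoint commits to

func sum(parts ...[]byte) (out [32]byte) {
	h := sha256.New()
	for _, p := range parts {
		h.Write(p)
	}
	copy(out[:], h.Sum(nil))
	return out
}

// recordDigest is the message both parties sign; the NULs keep the fields apart.
func recordDigest(r *Record) []byte {
	d := sum([]byte("example/record/v1\x00"), []byte(r.ID), []byte{0}, r.Commitment[:])
	return d[:]
}

// Issue returns the log record and the salt to keep privately beside the payload; a random salt
// stops a short or guessable payload from being brute-forced out of the public commitment.
func Issue(id string, payload []byte, issuer, platform ed25519.PrivateKey) (Record, []byte, error) {
	salt := make([]byte, 32)
	if _, err := rand.Read(salt); err != nil {
		return Record{}, nil, err
	}
	r := Record{ID: id, Commitment: sum(salt, payload)}
	d := recordDigest(&r)
	r.IssuerSig = ed25519.Sign(issuer, d)
	m := sum(d, r.IssuerSig) // binds the platform signature to the issuer's signature
	r.PlatformSig = ed25519.Sign(platform, m[:])
	return r, salt, nil
}

// VerifyRecord checks the issuer signature and the platform counter-signature.
func VerifyRecord(r *Record, issuerPub, platformPub ed25519.PublicKey) bool {
	d := recordDigest(r)
	m := sum(d, r.IssuerSig)
	return ed25519.Verify(issuerPub, d, r.IssuerSig) && ed25519.Verify(platformPub, m[:], r.PlatformSig)
}

// Disclose proves to a verifier which payload a public record covers (needs the private salt).
func Disclose(r *Record, salt, payload []byte) bool { return sum(salt, payload) == r.Commitment }

// Head replays the chain from genesis, h = SHA-256(h_prev || recordDigest), as an auditor would.
func (l Log) Head() (h [32]byte) {
	for i := range l {
		h = sum(h[:], recordDigest(&l[i]))
	}
	return h
}

func checkpointInput(size uint64, head [32]byte) []byte {
	return append([]byte(fmt.Sprintf("example/checkpoint/v1\x00%d\x00", size)), head[:]...)
}

// Checkpoint is the platform's periodic signature over (size, head).
func (l Log) Checkpoint(platform ed25519.PrivateKey) (size uint64, head [32]byte, sig []byte) {
	size, head = uint64(len(l)), l.Head()
	return size, head, ed25519.Sign(platform, checkpointInput(size, head))
}

// VerifyCheckpoint: valid platform signature AND the published records replay to head.
func VerifyCheckpoint(l Log, size uint64, head [32]byte, sig []byte, platformPub ed25519.PublicKey) bool {
	return ed25519.Verify(platformPub, checkpointInput(size, head), sig) && size == uint64(len(l)) && l.Head() == head
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil)     // stands in for the issuer's SDK/HSM key
	platformPub, platformPriv, _ := ed25519.GenerateKey(nil) // stands in for the platform HSM key
	private, tlog := map[string][2][]byte{}, Log{}            // constructed private store: id -> {salt, payload}
	for i, payload := range []string{"invoice 1001 paid", "contract 77 executed"} { // constructed payloads
		r, salt, err := Issue(fmt.Sprintf("att-%d", i+1), []byte(payload), issuerPriv, platformPriv)
		if err != nil {
			panic(err)
		}
		private[r.ID] = [2][]byte{salt, []byte(payload)}
		tlog = append(tlog, r)
	}
	size, head, sig := tlog.Checkpoint(platformPriv)
	delete(private, "att-1") // right to erasure: salt and payload gone, the log is untouched
	fmt.Println("checkpoint verifies after erasure:", VerifyCheckpoint(tlog, size, head, sig, platformPub))
	fmt.Println("att-2 verified:", VerifyRecord(&tlog[1], issuerPub, platformPub), "disclosed:", Disclose(&tlog[1], private["att-2"][0], private["att-2"][1]))
}
```

Run it with `go run` on the file. Two design points carry over to any real deployment of this pattern. First, the salt is what makes "payloads never visible to the public log" hold: an unsalted SHA-256 of a short payload (an invoice number, a yes/no decision) can be confirmed by anyone who guesses it, so erasing the payload alone would not remove the information from the log. Second, the platform counter-signs the issuer's signature rather than just the content, so a checkpoint attests that the issuer signature existed at inclusion time; the plain hash chain used here is the simplest structure consistent with "signed hashes of its internal audit log", and a production transparency log would normally use a Merkle tree so that clients can check inclusion and consistency proofs without replaying the whole log.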

6. Commercial Reliability

  • SLA: 99.9% to 99.99% core service availability, depending on the service tier.
  • Backups: Continuous PITR (Point-In-Time Recovery) and multi-region failover configurations.

7. Responsibility Assignment Matrix

Task                                   Responsible
Signing Key Management                 Customer (Issuer)
Platform Availability                  Truthlocks
Data Subject Requests (GDPR/CCPA)      Customer (Issuer)
Transaction Log Integrity              Joint (Signatures)
Infrastructure Hardening               Truthlocks

© 2026 Truthlocks, Inc. All rights reserved.

Enterprise GA v2.0.0