Trust Centre

Security Controls

Encryption
At rest: AES-256 on all stored data.
In transit: TLS 1.3 enforced on all endpoints.
WORM records: SHA-256 sealed. Tamper-proof. No expiry.
Access control
API keys: sk_fd_ prefix. Never stored in plaintext. Shown once.
OAuth: GitHub and Google. No password storage.
Revocation: Immediate via POST /v1/account/keys/revoke.
Fraud detection — 8 signals under 100ms
S1 Account age
S2 Velocity
S3 IP reputation
S4 Amount ratio
S5 Device fingerprint
S6 Geographic anomaly
S7 Hour pattern
S8 Recent activity
Security questions