Trust Center
A short, honest summary of how ChronoLedger handles security, compliance, and reliability — written for procurement teams, security questionnaires, and customers who simply want to know what they're getting.
Version 2026.05.2 · Last updated
How the platform is protected
- Encryption in transit — TLS 1.3 enforced edge-to-origin; HSTS preload submitted; post-quantum hybrid key exchange (X25519MLKEM768) on the public edge.
- At-rest encryption — being rolled out per high-PII table on a Percona pg_tde foundation backed by a self-hosted vault. Privacy Policy and DPA reflect the current scope.
- Role-based access control — three-layer defence: application-level role checks, Postgres row-level security, and edge ACLs at the load balancer.
- Audit logging — append-only with hash chaining for the administrative plane; trigger-enforced immutability for the customer plane.
- Secrets handling — Docker secrets with file-mounted credentials; nothing in environment variables; no secrets in source.
- Supply-chain hygiene — cargo-deny + Trivy + gitleaks gate every build; SBOM generation on the roadmap.
- Multi-factor authentication — TOTP enforced for administrative accounts; rolling out for end-users.
Where we are, where we're going
We are pre-launch and do not yet hold third-party security certifications in our own name. We rely on the audited certifications of the underlying infrastructure providers (notably the ISO 27001 certification of our Amsterdam dedicated-server provider) for the platform layer, and we commit to the roadmap below.
| Programme | Status | Note |
|---|---|---|
| PCI DSS (SAQ-A) | Applicable | No card data on ChronoLedger systems; payment processing delegated to Paddle (merchant of record) and Stripe Connect. |
| SOC 2 Type II | Roadmap | Readiness work to begin once the technical-controls baseline (MFA, EDR, immutable backups) is in place. Realistic Type-I target: 2027. |
| ISO 27001 / 27701 | Under consideration | Will follow SOC 2 Type II if customer demand justifies the investment. |
| GDPR + UK GDPR + HK PDPO | Operational commitment | EU + UK Article 27 representatives are appointed; see the Privacy Policy. |
Availability and recovery
The targets below are operational commitments, not contractual service-level agreements unless reflected in a separately signed enterprise order form.
- Recovery Time Objective (RTO) — 4 hours for the primary application path.
- Recovery Point Objective (RPO) — 1 hour for transactional data; daily for object-storage attachments.
- Backup retention — encrypted backups retained per the schedule in the Privacy Policy; backup-restore drills run on a documented cadence.
- Maintenance windows — published in advance where they affect availability; emergency security patches may be applied without prior notice.
If something goes wrong
- Security report acknowledgement — within 24 hours of receipt at security@chrono-ledger.com (RFC 9116 contact also at /.well-known/security.txt).
- Personal-data breach notification — without undue delay where required by applicable law; aligned with GDPR / UK GDPR Article 33 timelines (72 hours to supervisory authority where applicable) and Article 34 data-subject notification criteria.
- Customer-impact notification — the affected Workspace Owner is notified by email and via the workspace dashboard once impact is established.
- Tabletop exercises — incident-response procedure tested at a documented cadence; results retained internally.
Working with procurement
For SIG / CAIQ / VSA-style questionnaires, the controls described on this page plus the DPA and the Subprocessors page should answer most questions. We also provide:
- a one-page security-overview PDF on request;
- a Transfer Impact Assessment summary for each subprocessor flow under our standard non-disclosure terms;
- a counter-signed DPA on request — Standard Contractual Clauses appended automatically where required;
- a Vendor Questionnaire response under non-disclosure terms.
Email legal@chrono-ledger.com with the subject line "Vendor due diligence" and we will respond as soon as we reasonably can.
The legal stack
- Privacy Policy — what we collect, why, recipients, retention, your rights.
- Data Processing Agreement — Article 28 obligations, transfer mechanisms, security measures, audit rights.
- Subprocessors — every third party that processes data on our behalf, with transfer mechanism and ML-use disclosure.
- Terms of Use — the contract, including indemnification, limitation of liability, and governing law.
- Acceptable Use Policy — prohibited activity, AI / agent-API obligations, enforcement.
- Refund Policy — token model, auto-top-up, statutory cooling-off rights.
- Cookie Policy — what we set and how to control it.
- Accessibility — WCAG 2.2 AA target and feedback channel.