What we have, and what it satisfies.
Bank details encrypted
AES-256-GCM at rest on bank details, invoice tokens and agreements. (Data protection · SOC 2)
Unguessable public links
Public invoice & certificate links use 256-bit identifiers. (Data protection)
AML / KYC due diligence
Identity, sanctions & PEP screening via a connected provider. (AML)
Append-only audit log
Every check and sensitive action written to an immutable log. (AML · SOC 2)
RBAC — enforce mode
Least-privilege by default; denials return 403. (SOC 2 · ISO 27001)
MFA & zero-trust admin
MFA enforced for admins; sensitive reads re-verify identity. (SOC 2 · ISO 27001)
GDPR DSR lifecycle
Data-subject-request queue with SLA clocks and overdue tracking. (GDPR)
ICO registered controller
Registered with the UK Information Commissioner's Office. (GDPR · ZA000000)
QR certificates
Verifiable provenance & authenticity on every asset. (Provenance)
Card data in PCI scope
PAN & CVV never touch our servers — held by our processor. (PCI DSS)