Privacy by default
Sensitive documents and personal data stay off public chains. Hash-only is the default posture for regulated evidence.
Security and trust
The planned product is designed around minimal disclosure, explicit authority, tenant isolation, managed keys, append-only auditability, and portable proof.
Sensitive documents and personal data stay off public chains. Hash-only is the default posture for regulated evidence.
Issuer, service, network, environment, and treasury keys are designed for separate managed custody and limits.
Organization, object, role, connector, and administrative boundaries are explicit throughout the platform model.
Corrections and revocations produce signed status events rather than silently rewriting history.
Administrative changes, evidence processing, delivery, and access are designed to produce complete audit records.
Open proof formats and transparent registry contracts reduce dependence on VREC’s own interface.
Retention choices
The customer retains the original. VREC handles the fingerprint and minimal proof metadata.
Preferred for sensitive workflowsVREC stores structured evidence metadata while the customer supplies originals when verification requires them.
Balanced integrationEncrypted document retention may support hosted verification when contractual and regulatory controls permit it.
Additional obligationsCurrent posture
The API, key-management plane, chain registrar, customer console, authentication, and operational security program are not active. Product security claims will be updated only as those controls are implemented and independently reviewed.