Security and trust

The VREC security model limits public data and preserves independently inspectable proof.

The planned product is designed around minimal disclosure, explicit authority, tenant isolation, managed keys, append-only auditability, and portable proof.

01

Privacy by default

Sensitive documents and personal data stay off public chains. Hash-only is the default posture for regulated evidence.

02

Key separation

Issuer, service, network, environment, and treasury keys are designed for separate managed custody and limits.

03

Tenant isolation

Organization, object, role, connector, and administrative boundaries are explicit throughout the platform model.

04

Lifecycle integrity

Corrections and revocations produce signed status events rather than silently rewriting history.

05

Operational accountability

Administrative changes, evidence processing, delivery, and access are designed to produce complete audit records.

06

Independent verification

Open proof formats and transparent registry contracts reduce dependence on VREC’s own interface.

Retention choices

The planned retention modes define how original evidence and proof metadata are handled.

Hash-only

The customer retains the original. VREC handles the fingerprint and minimal proof metadata.

Preferred for sensitive workflows
Hybrid

VREC stores structured evidence metadata while the customer supplies originals when verification requires them.

Balanced integration
Managed document

Encrypted document retention may support hosted verification when contractual and regulatory controls permit it.

Additional obligations

Current posture

The public website does not operate the production evidence service.

The API, key-management plane, chain registrar, customer console, authentication, and operational security program are not active. Product security claims will be updated only as those controls are implemented and independently reviewed.