Security Overview

Circuit KYC is built with security-first principles. We protect sensitive identity data using industry-leading encryption and security practices.

Key Security Features

Transport Security

  • TLS 1.3 required for all connections
  • HTTPS only - HTTP redirects to HTTPS
  • HSTS enabled with 1-year max-age
  • Certificate pinning recommended for mobile apps

Authentication

  • API Key Authentication - Securely hashed keys
  • Verifiable Credentials - Cryptographically signed tokens
  • Key Rotation - Support for multiple active keys
  • Rate Limiting - Per-tenant rate limits

Data Encryption

  • At Rest: AES-256-GCM encryption
  • In Transit: TLS 1.3
  • Key Management: Hardware security modules with automatic rotation
  • Blind Indexing: Search encrypted data without decryption

Infrastructure

  • Cloud-native - Containerized microservices architecture
  • Private network - No public database access
  • WAF - Web Application Firewall protection
  • DDoS Protection - Enterprise-grade mitigation

Compliance

Standard         Status
SOC 2 Type II    Certified
GDPR             Compliant
CCPA             Compliant
PCI DSS          Level 1
ISO 27001        In Progress

Security Practices

Development

  • Security code reviews for all changes
  • Automated vulnerability scanning
  • Dependency security monitoring
  • Penetration testing (quarterly)

Operations

  • 24/7 security monitoring
  • Incident response team
  • Regular security audits
  • Employee background checks

Access Control

  • Principle of least privilege
  • Multi-factor authentication required
  • Access logging and monitoring
  • Regular access reviews

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly:

Email: security@circuitkyc.com

We appreciate responsible disclosure and will:

  • Acknowledge receipt within 24 hours
  • Provide updates on remediation progress
  • Credit reporters (if desired) in our security advisories

API Key Security

Best practices for API keys:

  1. Never commit keys to version control
  2. Use environment variables for key storage
  3. Rotate keys periodically
  4. Use separate keys for sandbox and production
  5. Monitor usage for anomalies

Questions?

For security questions or to request our SOC 2 report:

  • Email: security@circuitkyc.com
  • Enterprise: Contact your account manager