ValID Trust Center

Built for governments. Trusted by enterprises.

Everything you need to evaluate ValID as a critical infrastructure partner. Architecture, certifications, data handling, encryption, and incident response.

Certifications & Compliance

Enterprise-grade assurance

In Progress

SOC 2 Type II

Service Organization Control 2 audit covering security, availability, processing integrity, confidentiality, and privacy. Expected Q4 2026.

Aligned

ISO 27001

Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022. Full certification audit scheduled for 2027.

Compliant

GDPR / LGPD

Privacy-by-design architecture with data minimization, purpose limitation, and lawful basis for all processing. DPO on staff.

Aligned

NIST 800-63

Digital identity guidelines aligned with NIST SP 800-63-3 for identity assurance (IAL), authenticator assurance (AAL), and federation assurance (FAL).

Roadmap

eIDAS 2.0

European Digital Identity framework alignment for cross-border trust and wallet-based credential verification.

Aligned

BSI C5

German Federal Office for Information Security Cloud Computing Compliance Criteria. All 17 criteria mapped and under review.

Security Architecture

Defense in depth

Application Security

OWASP Top 10 mitigation
Input validation & sanitization
Rate limiting & DDoS protection
API key rotation & least-privilege

Network Security

TLS 1.3 everywhere
VPC isolation per tenant
WAF with custom rule sets
Zero-trust internal mesh

Identity & Access

MFA enforced for all admin access
Role-based access control (RBAC)
Just-in-time privilege elevation
quarterly access reviews

Infrastructure

Immutable infrastructure
Automated vulnerability scanning
Patch management < 72h critical
Container image signing

Data Residency

Your data stays where it belongs

ValID deploys within regional cloud boundaries. Data never leaves the jurisdiction without explicit contractual agreement and cryptographic audit trail.

Government Cloud

Dedicated sovereign cloud deployments for national-level deployments.

Private Instance

Single-tenant infrastructure with isolated compute, storage, and networking.

Regional Edge

Edge compute in São Paulo, Mexico City, and Bogotá for sub-50ms latency.

Audit Logs

Immutable, cryptographically signed audit logs with 7-year retention.

Brazil

AWS São Paulo (sa-east-1)

Active

Mexico

AWS Mexico (mx-central-1)

Active

Colombia

GCP Bogotá (southamerica-east1)

Active

Chile

Azure Chile (cl-south)

Planned Q3 2026

Argentina

AWS Buenos Aires (ar-east-1)

Planned 2027

Encryption

End-to-end cryptographic protection

In Transit

All traffic encrypted with TLS 1.3. Certificate pinning for mobile clients. Mutual TLS (mTLS) for service-to-service communication.

At Rest

AES-256-GCM for all stored data. Per-tenant key encryption keys (KEKs) managed in hardware security modules (HSM).

In Use

Confidential computing with AMD SEV-SNP and Intel TDX for sensitive processing. Memory encryption for verification pipelines.

Incident Response

Prepared for the unexpected

Detection

24/7 SOC monitoring with SIEM, behavioral analytics, and automated anomaly detection.

Response

15-minute SLA for critical incidents. Pre-defined runbooks and forensic preservation.

Communication

Stakeholder notification within 1 hour. Public status page and dedicated incident channel.

Recovery

RPO < 5 minutes, RTO < 1 hour. Automated failover across availability zones.

Roadmap

Compliance & security roadmap

Q3 2026

SOC 2 Type II audit completion
Chile regional deployment
Penetration test — external

Q4 2026

ISO 27001 Stage 1 audit
Argentina regional deployment planning
Bug bounty program launch

H1 2027

ISO 27001 certification
eIDAS 2.0 pilot
FIPS 140-3 Level 2 HSM validation

H2 2027

FedRAMP IL2 assessment
Common Criteria EAL2+
Annual security re-certification

Need a security review?

Our security team is available for due diligence calls, architecture reviews, and custom compliance questionnaires.

Contact Security Team Request Full DPA