Security & Privacy
TRUSTTICA is designed from the ground up to protect identity data, secure verification sessions, and give users full control over their records.
Identity protection
Personal identity data is never exposed to the other party during a verification. Only a confirmation result (verified / not verified) is shared.
- No raw identity data is transmitted between parties
- Verification results are cryptographically signed
- Identity documents are processed in an isolated environment
Secure verification
Every verification request is tied to a unique session and expires after a defined window to prevent replay attacks.
- Time-limited, single-use verification sessions
- Mutual authentication — both parties are confirmed
- Replay attack prevention built into the token structure
Encrypted records
All records stored in the Evidence Vault are encrypted at rest and in transit using industry-standard encryption.
- AES-256 encryption for stored records
- TLS 1.3 for all data in transit
- Keys are managed per-account and never shared
Controlled access
Access to verification records is strictly role-based. Users can only see records they are directly involved in.
- Role-based access control across all account types
- Supervisor and admin roles for organisational oversight
- Full audit log of every access event
Compliance
TRUSTTICA is built to support compliance with data protection regulations applicable to identity verification services. Specific compliance documentation is available to enterprise and law enforcement customers on request.