Trust & Security

Every screen is deterministic and auditable. We don't return an opaque score — each verdict carries the evidence behind it (which list matched, which entity was attributed, which fund-flow path was traced), and every check is logged with a timestamp, the user, and a unique request ID.

How a verdict is produced

1. 1
   Sanctions & scam matching. The address is checked directly against OFAC sanctioned digital-currency addresses and open abuse/scam databases. A direct sanctions hit is decisive.
2. 2
   Entity attribution. Known addresses are labelled with a neutral entity type (exchange, mixer, bridge, gambling). These labels are kept separate from risk, so a legitimate exchange hot wallet is identified without inflating its score.
3. 3
   Fund-flow analysis. For unattributed addresses we trace on-chain flow across BTC and EVM chains and detect structuring patterns — deposit clustering, peel chains, layering, and exposure to mixers or bridges.
4. 4
   Indirect counterparty exposure. Downstream exposure to sanctioned, darknet, or scam counterparties raises the score — but indirect signal alone is capped so it forces a REVIEW, never an automatic rejection.
5. 5
   Score → policy → verdict. The result is a 0–100 risk score, which your own policy thresholds turn into a verdict.

Each result also names the specific risk typologies it found — e.g. MIXER_EXPOSURE, SANCTIONS_EXPOSURE, PEEL_CHAIN, EXCHANGE_DEPOSIT — so an analyst can see why, not just what.

Limitations. On-chain attribution is probabilistic — we cite the source behind every flag rather than asserting certainty, stay deliberately conservative on indirect exposure, and you set the thresholds. The REVIEW band exists precisely so a human makes the call on ambiguous cases.

What we store: the address and chain you submit, the screening result and its evidence, audit logs (timestamp, user, request ID), and your account and billing data. We never take custody of funds or private keys.

Encryption: data is encrypted in transit (TLS) and at rest. API keys are stored only as salted hashes (SHA-256); other secrets are encrypted with AES-256-GCM. Plaintext keys are shown once, at creation, and never again.

Retention & your rights: screening results and audit logs are retained so they remain available for your own compliance and audit obligations. You can export or delete your organisation's data on request; consumer investigation data is anonymised and soft-deleted under our retention policy, in line with GDPR data-subject rights.

Residency: your data is hosted in the EU.

We keep the list of third parties that process customer data deliberately short:

A current sub-processor list and our Data Processing Addendum (DPA) are available on request.

• Token-authenticated APIs with per-key scoping and rate limiting.
• Least-privilege internal access; secrets encrypted at rest; service isolation.
• Immutable audit logging of every screening, attributable to a user and request ID.
• Continuous dependency and vulnerability scanning on our build pipeline.
• Responsible disclosure welcome at security@chainevidence.net.

• GDPR-aligned. Data minimisation, EU hosting, and data-subject export/erasure on request.
• Built for MiCA & the EU Travel Rule (TFR). Designed around the screening and originator/beneficiary obligations CASPs carry.
• SOC 2 Type II. A readiness program is underway; we're happy to share our current status and security questionnaire responses under NDA.
• DPA. Available on request for any paying customer.