Security is the product.
Veritron is engineered so that a single mistake — yours or ours — never puts your money at risk. Here is what runs behind the scenes.
Encryption in transit and at rest
All traffic uses TLS 1.3. Data at rest is encrypted with AES-256 keys managed by our cloud provider.
Row-level authorization
Every account, transaction, and card row is scoped to its owner by database policies — not by application code alone.
Multi-factor authentication
Time-based one-time passwords via any authenticator app. We recommend enabling MFA the first time you sign in.
Least-privilege server access
State-changing operations run inside audited server functions with explicit authorization checks and input validation.
Continuous monitoring
Anomalous sign-ins, spend patterns, and role changes trigger notifications you can act on immediately.
Instant alerts
Real-time notifications for every deposit, transfer, card swipe, and admin action on your account.
Report a vulnerability
If you believe you have found a security issue in Veritron, please email us at security@veritron.capital with steps to reproduce. We will acknowledge within 3 business days.
Please act in good faith: avoid data destruction, respect user privacy, and do not test on accounts you do not own.
This page describes security practices implemented in the current Veritron codebase but does not constitute a certification or audited attestation. Veritron is a demonstration product and is not currently a licensed financial institution.
