Question 1

How does Veratrace protect customer data?

Accepted Answer

Veratrace uses AES-256 encryption for data at rest, TLS 1.3 for data in transit, and hardware security modules (HSMs) for key management. All customer data is logically isolated at the database and application layers with mandatory tenant ID validation.

Question 2

How does Veratrace ensure Trusted Work Units are tamper-proof?

Accepted Answer

Every Trusted Work Unit (TWU) is cryptographically sealed using SHA-256 hashing. The sealed hash is computed from the complete evidence chain, actors, outcome, and timestamps. Any modification invalidates the hash, proving tampering.

Question 3

What compliance certifications does Veratrace support?

Accepted Answer

Veratrace is pursuing SOC 2 Type II certification and supports EU AI Act, NIST AI RMF, SOX, HIPAA, PCI DSS, GDPR, and CCPA compliance requirements through audit trails, evidence exports, and configurable retention policies.

Veratrace Security & Trust

Security is Core to Veratrace's DNA

Veratrace Security & Trust

Security is Core to Veratrace's DNA

Security Philosophy

Infrastructure Security

Data Protection

Application Security

Trusted Work Unit Cryptographic Integrity

Logging, Monitoring, and Incident Response

Compliance Alignment

Subprocessors

Customer Responsibilities

Security Contact Information