Security at Vektrum
SOC 2 Type I Audit
SOC 2 Type I audit in progress. Security documentation available to institutional clients upon request.
Immutable Audit Logs
Every action writes to an append-only cryptographic ledger. Nothing is ever deleted or modified.
Non-Custodial Architecture
Funds flow through Stripe Connect. Vektrum never holds, transmits, or controls funds.
Server-Side Enforcement
The 7-condition release gate runs server-side, atomically. Client state is display only.
Role-Based Access Control
Funders, contractors, and admins have strictly enforced, non-elevatable permissions.
For security inquiries, vendor due diligence packages, or penetration test scope discussions: operations@vektrum.io