SOC 2 Type II Certified

Security at Credo

Built from the ground up with security-first architecture for professional document integrity.

Encryption

  • AES-256-GCM encryption at rest
  • TLS 1.3 encryption in transit
  • Post-quantum cryptography (Kyber KEM, Dilithium)
  • X.509 digital certificate signing

Authentication

  • Multi-factor authentication (TOTP)
  • Device fingerprinting and management
  • Session security with geolocation
  • SSO/SAML/OIDC for enterprise

Audit Chain

  • Cryptographic hash chain (Merkle tree)
  • Tamper-evident logging
  • Complete seal provenance tracking
  • Exportable compliance reports

Infrastructure

  • SOC 2 Type II certified hosting
  • Geographic data residency options
  • 99.9% uptime SLA
  • Regular penetration testing

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@credo.app. We acknowledge reports within 24 hours and aim to resolve critical issues within 72 hours.