Security & compliance

Trust, engineered as infrastructure

From bank-held funds to signed APIs and immutable audits, security isn't a feature at TitanTrustee — it's the foundation everything else is built on.

Defence in depth

Six pillars of platform security

Money is held only in RBI-regulated bank escrow accounts — never a TitanTrustee wallet.

TLS in transit and encryption at rest, with strict key management practices.

HMAC-SHA256 signing, timestamp tolerance, nonce replay protection, constant-time checks.

Tamper-evident logging of every action for regulators, partners, and your auditors.

PMLA-grade onboarding, sanctions screening, and continuous risk scoring.

Role-based access, MFA for privileged consoles, and scoped API keys.

Compliance posture

Controls that satisfy regulators and partners — verifiable through our public security metadata endpoint.

Non-custodial architecture — platform never holds funds

OWASP API Top 10 controls mitigated

Strict CORS allowlist and security headers (CSP, HSTS)

Authentication rate limiting and brute-force protection

Sanitised error responses — no stack traces in production

Versioned APIs with a clear deprecation policy

Found a vulnerability? Report it to security@titantrustee.com. We acknowledge within 2 business days.

Health checks, watchdogs, and automated failover keep the platform online with a 99.9% target.

SEBI-trustee integration enables independent adjudication where regulation requires it.

Spin up a sandbox in minutes. Move real money when you're ready — funds always stay in RBI-regulated bank escrow.