Trust Center
Circuit is committed to the highest standards of operational security. Our compliance program ensures your organization meets regulatory and enterprise requirements, without compromise.
ISO27001




Security Controls
At Circuit, we are committed to ensuring the highest levels of security for the Web3 ecosystem. Our approach centers on proactive risk management: we apply cutting-edge security controls internally, make them available for our customers to use, and adhere to industry-leading standards. Through rigorous audits, continuous monitoring, and compliance with globally recognized certifications, we build trust by providing transparent and reliable security solutions that empower organizations to operate with confidence in a decentralized world.
Policy Engine Integration
Circuit integrates seamlessly with each custodian’s policy engine to ensure all actions strictly adhere to their defined security protocols and compliance requirements. This integration automates the enforcement of critical policies such as transaction thresholds, whitelisting rules, and multi-signature approvals—significantly reducing the risk of unauthorized activity.
Email Verification for Critical Actions
To safeguard high-impact operations, Circuit enforces mandatory email verification before executing sensitive actions such as approving/rejecting a destination change request and initiating a recovery. This extra layer of confirmation ensures that only authorized users can proceed, adding friction against phishing, impersonation, or accidental approvals. By combining real-time alerts with explicit user verification, Circuit reinforces security around critical decision points.
Recovery Alerts
Circuit’s recovery alerts deliver real-time notifications for backup activities and recovery transactions, enabling rapid detection of unauthorized access or suspicious behavior. These alerts are shared with all relevant users to promote transparency, foster collective accountability, and ensure swift response to potential threats. This added layer of visibility strengthens security and helps prevent fraud or misuse during sensitive recovery operations.
2FA / OAuth Authentication
Circuit employs Two-Factor Authentication (2FA) to provide robust, layered access security. 2FA enhances account protection by requiring a second verification factor, such as a TOTP from an authenticator, in addition to a password, making unauthorized access significantly more difficult. This ensures secure, frictionless authentication across all user and system interactions.
Governance Layer
Circuit’s governance layer introduces fine-grained roles and permissions, giving organizations precise control over user access and actions. By enforcing the Principle of Least Privilege, users are granted only the access necessary for their responsibilities—reducing the risk of accidental or malicious activity. This access control framework supports auditability, enhances accountability, and simplifies compliance with internal policies and regulatory standards, reinforcing trust in how sensitive data and operations are managed.
Audits & Certifications
At Circuit, we uphold the highest security standards. Our SOC 2 Type 1 and Type 2 certifications reflect our commitment to protecting customer data with robust controls and regular audits.
Type 1 validates the design of our security measures, while Type 2 confirms their ongoing effectiveness.
We are also pursuing ISO 27001 certification to strengthen our security framework and align with global best practices, offering our customers added confidence in our data protection efforts.
Monitoring, Logging & Alerting Systems
At Circuit, we use a comprehensive set of cloud-based security tools to proactively safeguard our platform. These systems continuously monitor for threats, detect vulnerabilities, and alert our team to any suspicious activity. Real-time monitoring, traffic filtering, anomaly detection, and detailed audit logging work together to provide layered protection. This proactive approach defends against both known and emerging threats, ensuring user data remains secure and systems stay compliant.
Pen Testing & Vulnerability Scans
At Circuit, we conduct regular penetration testing as part of our proactive security strategy. By simulating real-world cyberattacks, we identify and fix vulnerabilities before they can be exploited. Our trusted third-party partner uses a mix of automated tools and manual testing to assess systems, uncover weaknesses, and recommend improvements. This ensures our security measures stay strong, up-to-date, and resilient, giving customers confidence that their assets are protected against evolving threats.
Secure Storage & Encryption
At Circuit, we ensure all customer data is encrypted and securely stored for recovery transactions to maintain confidentiality, integrity, and availability. Encryption protects data from unauthorized access, keeping it unreadable without the proper decryption key. Secure storage safeguards against tampering or unauthorized changes, preserving the integrity of the recovery process. These measures protect against breaches and cyberattacks, building customer trust by securely storing assets and personal information in compliance with industry best practices and regulatory requirements.
Segregation of Duties
At Circuit, we employ segregation of duties (SoD) to ensure no single individual has full control over critical processes, reducing the risk of errors, unauthorized access, and single points of failure. By distributing responsibilities across multiple team members, we enhance accountability, promote transparency, and provide an added layer of protection for our customers' data, reinforcing our commitment to trust and security.
Least Privilege by Design
At Circuit, in line with SoD, we implement the principle of Least Privilege by limiting access to only the resources necessary for each user or system to perform their tasks. This reduces the risk of accidental or malicious actions, contains potential breaches by restricting access to sensitive data, and minimizes the impact of security incidents. By enforcing least privilege, we ensure only authorized personnel access critical systems, significantly strengthening our security posture and protecting against internal and external threats.
Cryptographic Controls
At Circuit, we implement cryptographic controls to enhance the governance layer on our platform, ensuring recovery transactions are secure, private, and tamper-proof. By using strong encryption, we protect sensitive information from unauthorized access, reinforce trust with customers, and meet stringent regulatory requirements. These controls provide an added layer of security, ensuring that only authorized parties can initiate recovery transactions, boosting confidence in the integrity of our platform.
Secure Code & Pipeline Security
At Circuit, we embed security throughout our software development lifecycle, with a strong focus on protecting our CI/CD pipelines. By enforcing strict access controls, automated code scanning, integrity validation, and secure handling of environment variables, we ensure that only trusted code is deployed. Continuous monitoring and staged deployments—combined with automated testing and manual review—help detect vulnerabilities early and prevent unauthorized changes. This disciplined approach safeguards the integrity and reliability of every release.
Internal Red Team Testing
At Circuit, we use internal red teaming to simulate real-world cyberattacks and identify vulnerabilities in our systems, processes, and CI/CD pipelines. This proactive approach uncovers weaknesses before external attackers can exploit them. By testing against tactics such as phishing, social engineering, and the exploitation of system misconfigurations, we ensure our defenses remain strong. Regular red teaming strengthens our security posture and helps us continuously improve threat detection and response strategies.
Security Roadmap
We’re scaling compliance to support our enterprise customers — with a clear, transparent certification plan.

Built by experts who’ve made digital assets safer, and now, recoverable.
We believe asset recoverability is table stakes for the next era of digital assets.