Security Policy
Effective date: 14 September 2025
1. Introduction
At CarLedger, we prioritize the confidentiality, integrity, and availability of your data. This Security Policy outlines the principles, practices, and technical measures we adopt to safeguard the platform and protect users from fraud or malicious activity.
2. Smart Contract Security
- All contracts built on Ethereum follow OpenZeppelin standards.
- Contracts undergo internal reviews and independent third-party audits.
- Critical contracts include AnchorRegistry, FeeSplitter, and ValidatorStaking.
- Deployment includes timelock and multisig controls to prevent unauthorized upgrades.
3. Infrastructure Security
- Servers and databases are hosted on secure, redundant cloud infrastructure.
- Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
- Strict firewalling and network segmentation minimize the attack surface.
- Continuous monitoring and intrusion detection systems are in place.
4. Data Protection & Privacy
CarLedger adheres to the principles defined in our Privacy Policy. Personal and vehicle data is handled in compliance with GDPR and applicable regulations.
- Access to sensitive data is restricted to authorized personnel only.
- All access is logged and monitored to ensure accountability.
- Backups are encrypted and tested periodically for recovery.
5. Responsible Disclosure
We welcome security researchers to report vulnerabilities responsibly. Please email security@carledger.io with details. We will acknowledge reports within 72 hours and work to resolve issues promptly.
6. User Security Responsibilities
- Keep your wallet keys and login credentials secure.
- Use official CarLedger applications and extensions only.
- Verify URLs to avoid phishing attempts (official: carledger.io).
7. Compliance & Legal
CarLedger complies with applicable KYC/AML requirements for enterprise integrations. Our practices are aligned with international standards for data security and consumer protection.
8. Updates to this Policy
We may update this Security Policy to reflect evolving threats, technology, or regulatory requirements. Updates will be published on carledger.io and take effect immediately unless stated otherwise.
9. Contact
For questions or reports regarding security:
- Email: security@carledger.io
- Data Protection Officer: dpo@carledger.io
- CarLedger Ltd., Oulu, Finland