Bank-grade trust · 99.99% SLA

Built so your CFO sleeps at night.

BrandX combines audited smart-contract escrow with SOC 2 Type II controls, GDPR compliance, multi-sig fund custody, and on-chain proof-of-reserves. Every dollar tracked. Every signature provable. Every deal defensible.

Certifications

Audited. Compliant. Provable.

Audited
SOC 2 Type II

Independently audited controls covering security, availability, processing integrity, confidentiality, and privacy. Latest report Q2 2026.

EU/UK
GDPR Compliant

EU/UK data subject rights, data residency in Frankfurt and London regions, signed DPAs available on request, full erasure workflow.

On-chain
Audited Smart Contracts

Every BrandX escrow contract is audited by two independent firms before mainnet deployment. Bytecode hashes pinned and published.

Legal
E-SIGN / UETA / eIDAS

Legally binding electronic signatures with full audit trail — IP, timestamp, geolocation, signer identity, document hash on-chain.

Funds Protection

Your money is the priority.

We treat escrow capital like a trust company would — with multi-sig custody, segregated reserves, daily proofs, and insurance on principal. The contracts are open-source and the bytecode is pinned.

  • USDC held in audited Solidity escrow contracts
  • Multi-signature approval required for every fund movement
  • Segregated reserves — never commingled with operating capital
  • On-chain proof-of-reserves published every 24h
  • Insurance reserve covering 100% of escrowed principal
  • Tiered withdrawal limits with mandatory cool-down windows

Data Protection

Encrypted everything.

Identity, contract terms, payment instructions and PII are all encrypted at the field level. We assume breach by default and architect every layer to fail safe.

  • AES-256 encryption at rest, TLS 1.3 in transit
  • Zero-trust network architecture, no perimeter assumptions
  • Hardware security keys (WebAuthn) for all admin actions
  • EU and US data residency, customer-selectable
  • Field-level encryption for PII and contract terms
  • Quarterly penetration tests by external red team

Compliance

Regulator-ready out of the box.

KYC / AML

Travel Rule compliant via Coinbase TRUST, Chainalysis address screening on every wallet, sanctions list checks (OFAC, EU, UK, UN).

Privacy

GDPR (EU/UK), CCPA/CPRA (California), PIPEDA (Canada), POPIA (South Africa), LGPD (Brazil). DPAs signed on request.

E-Signature

E-SIGN Act + UETA in the US, eIDAS Advanced E-Signatures in EU/UK. Full audit trail anchored on-chain.

Markets-aware

MiCA-aware in the EU, FINRA + SEC-aware in the US. Working with outside counsel; not legal advice — talk to your own.

Not legal advice. We work with outside counsel in every jurisdiction we operate; you should too. Our compliance team can introduce you to qualified outside counsel on request.

Audit Reports

Read the receipts.

We publish what we can publicly and share the rest under NDA. No hand-waving — every claim on this page maps to a document we can put in front of you.

  • SOC 2 Type II · Q2 2026 · Available under NDA
  • Smart Contract Audit · v3.2 — Mar 2026 · Public
  • Penetration Test · Q1 2026 · Available under NDA
  • Proof of Reserves · Daily · Public on-chain

Bug Bounty

If you can break it, we'll pay you to tell us.

Our HackerOne program rewards security researchers $500–$50,000 per issue depending on severity. We acknowledge within 24 hours, triage within 72, and ship critical hotfixes inside 24 hours of triage.

  • Critical: Up to $50,000
  • High: Up to $15,000
  • Medium: Up to $5,000
  • Low: Up to $500

Submit reports to security@brandx.io — PGP key in our trust center.

FAQ

Common security questions.

Diligence the platform you're betting on.

Get the full security pack — SOC 2, audits, penetration tests, DPAs, contracts, the works.