Treviya
Trust architecture

Built for scrutiny.
Operated to standard.

Trust on Treviya is not a marketing claim. It's a documented, auditable architecture spanning data security, ledger integrity, compliance, logistics and operational reliability.

Last audit
Security reviewQ1 2026
Compliance auditQ1 2026
Penetration testQ4 2025
Ledger reconciliationDaily

Data security

AES-256 at rest · TLS 1.3 in transit · HKDF-SHA256 keys

Member-submitted data, KYC documents and ledger entries are encrypted at rest using AES-256-GCM with HKDF-SHA256 derived per-record keys. All API traffic uses TLS 1.3. Sensitive operations require step-up authentication.

Encryption at restAES-256-GCM
Encryption in transitTLS 1.3
Key derivationHKDF-SHA256
KYC document storageEncrypted, isolated
Backup encryptionYes
Key rotationQuarterly

Append-only ledger

Every transaction immutable · daily reconciliation

All financial events are written to an append-only ledger. Once written, entries cannot be modified or deleted. Daily automated reconciliation compares ledger sums against stored balances and flags any divergence within 2 hours.

ArchitectureAppend-only event log
MutabilityImmutable post-write
Reconciliation cadenceDaily, automated
Divergence SLA< 2 hours to flag
Audit trail retention7 years minimum
Statement assemblyMaterialised from ledger

Compliance

KYC · FATF AML · sanctions screening · GDPR · UK DP · Swiss FADP · Singapore PDPA

KYC mandatory before first allocation. FATF-aligned AML controls including transaction monitoring and suspicious-activity reporting. Sanctions screening against UN, OFAC, EU, UK and Swiss SECO lists at registration and continuously thereafter. Data protection compliant under GDPR (EU), UK Data Protection Act, Swiss FADP and Singapore PDPA.

KYC frameworkeIDV + document verification
AML standardFATF aligned
Sanctions listsUN · OFAC · EU · UK · CH
Screening cadenceContinuous
Data residencyEU / UK / CH / SG
Subject rightsGDPR · UK DP · Swiss FADP · Singapore PDPA

Logistics integrity

14 3PL partners · 6 regions · 0.3% damage rate

Cycle goods are inspected at origin, in transit and on hub arrival. Damage is documented and reflected in settlement. Average proof-of-delivery is uploaded within 48 hours of last-mile delivery. Carrier insurance covers transit; partner insurance covers hub storage.

3PL partners14 active
Regional coverage6 regions
Damage rate (platform)0.3%
POD upload SLA< 48 hours avg
Origin inspectionMandatory
Hub re-inspectionMandatory

Account security

Mandatory 2FA · passkeys · trusted-device PIN · role-based access

2FA is mandatory at account creation. Passkeys (WebAuthn) and trusted-device PIN supported. Role-based access controls for institutional accounts. All sensitive actions (withdrawals, role changes, document uploads) require step-up authentication.

2FAMandatory
PasskeysWebAuthn supported
Device trustPer-device PIN
RBACFor institutional accounts
Step-up authenticationSensitive actions only
Session timeout24 hours

Reliability

99.97% uptime · monitored health · public status

Platform is monitored continuously across all critical paths. Public status page documents uptime and incidents. Material incidents receive published post-mortems within 72 hours. RTO ≤ 4h, RPO ≤ 15min for catastrophic failures.

Uptime (12mo)99.97%
Status pagePublic
MonitoringContinuous, multi-region
Post-mortem SLA72 hours after material incident
RTO≤ 4 hours
RPO≤ 15 minutes
Standards & frameworks

Aligned to recognised standards.

We maintain alignment to standards rather than chase certifications for marketing. Audit reports available to qualified institutional members on request.

FATF Recommendations
GDPR (EU)
UK Data Protection Act
Swiss FADP
Singapore PDPA
ISO 27001 aligned
OWASP Top 10
SOC 2 Type II (in progress)
KYC / AML best practice
All systems operational

Public status page.

Real-time uptime, incident history and post-mortems for the platform, ledger, partner integrations and member surfaces.

Visit status.treviya.com
Platform
Operational
Ledger
Operational
Partner API
Operational
Member dashboard
Operational