AURUM LEGACY
Security & Compliance

Institutional-Grade Security

Every component of our infrastructure was chosen for maximum security, reliability, and regulatory compliance.

End-to-End Encryption

  • TLS 1.3 on all communications
  • AES-256 for data at rest
  • Hardware Security Modules (HSM) for cryptographic keys
  • Perfect Forward Secrecy (PFS)

Cloud Infrastructure

  • Google Cloud Platform (GCP)
  • Primary region: southamerica-east1 (São Paulo)
  • Auto multi-region failover
  • Demand-based auto-scaling

24/7 Monitoring

  • Cloud Monitoring with real-time alerts
  • Structured logging for audit
  • Distributed tracing per transaction
  • Anomaly and intrusion detection

Access Control

  • Mandatory MFA (2FA)
  • Least privilege principle
  • Environment segregation (dev/staging/prod)
  • Admin access auditing

Compliance & Certifications

BACEN

Compliance with Central Bank of Brazil regulations for payment and foreign exchange operations.

CVM

Adherence to the Securities and Exchange Commission of Brazil standards for digital asset operations.

PCI DSS Level 1

Highest level of certification for card payment processing.

LGPD

Brazil's General Data Protection Law: consent, portability, right to erasure, designated DPO.

AML/CFT (PLD/FTP)

Anti-Money Laundering and Counter-Financing of Terrorism. Mandatory KYC, COAF monitoring.

GCP Certifications

Infrastructure hosted on SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018 certified environment.

Frequently Asked Questions

What security certifications does Aurum Legacy hold?

Our infrastructure is hosted on Google Cloud Platform, which holds SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, and PCI DSS Level 1 certifications. Payment processing operates in full PCI DSS Level 1 compliance.

How is customer data protected?

TLS 1.3 encryption on all communications (in transit) and AES-256 for stored data (at rest). Cryptographic keys are managed via Hardware Security Modules (HSM) with segregated access.

Is Aurum Legacy LGPD-compliant?

Yes. We maintain privacy policies, explicit consent for data collection, right to erasure, data portability, and a designated DPO (Data Protection Officer) as required by Brazil's General Data Protection Law (LGPD).

How does transaction monitoring work?

Real-time monitoring with anomaly detection, behavioral analysis, and IP geolocation. Suspicious transactions are automatically flagged for review before settlement.