Security and trust
Every aspect of Fence and Ledger is designed to meet the security, compliance, and confidentiality expectations of regulated financial institutions.
Security infrastructure
Encryption in Transit and at Rest
All data transmitted between members and the platform is encrypted using TLS 1.3. Stored data, including documents, messages, and transaction records, is encrypted at rest using AES-256 encryption.
Signed and Expiring Document URLs
Documents shared through deal rooms are delivered via cryptographically signed URLs with configurable expiration windows. This prevents unauthorized sharing and ensures access is time-limited.
Access Control and Permissions
Role-based access controls govern who within a member institution can view, upload, or manage deal data. Administrators can assign permissions at the user level and revoke access at any time.
Audit Logging
Every action on the platform is logged: document views, downloads, access requests, messages, and administrative changes. Audit logs are immutable and available to member administrators for compliance review.
Infrastructure Security
The platform is hosted on SOC 2 Type II certified cloud infrastructure with redundant availability zones, automated backups, and continuous monitoring. Security patches are applied within 24 hours of release.
Penetration Testing
Independent security firms conduct annual penetration testing of the platform. Identified vulnerabilities are remediated according to severity, with critical issues addressed within 48 hours.
Member vetting
Every institution and individual on the platform has passed our review process. This is how we maintain the quality and trustworthiness of the network.
Regulatory Verification
Every applicant institution is verified against state and federal regulatory databases. We confirm active licensing, registration status, and the absence of enforcement actions or consent orders.
Reputational Review
Our compliance team reviews publicly available information about the applicant guild, including media coverage, legal proceedings, and industry standing. Applications from guilds with material reputational concerns are declined.
Contact Verification
Designated contacts at each member institution are verified through institutional email confirmation and, where appropriate, direct outreach. This ensures that platform access is granted only to authorized representatives.
Ongoing Monitoring
Member standing is reviewed periodically. Changes in regulatory status, ownership, or material business circumstances may trigger a re-review. Members whose standing falls below platform standards may have their access suspended.
Data handling and compliance
Data Minimization
The platform collects only the data necessary to operate the exchange and fulfill compliance obligations. Borrower PII is handled according to strict need-to-know principles.
Data Retention
Transaction records and audit logs are retained for the period required by applicable regulations. Members can request deletion of non-required data in accordance with our Privacy Policy.
Third-Party Data Sharing
Fence and Ledger does not sell member data or share it with third parties for marketing purposes. Data is shared only as necessary to operate the platform, comply with legal obligations, or with explicit member consent.
Incident Response
A documented incident response plan governs the platform's handling of security events. Affected members are notified promptly in accordance with applicable breach notification requirements.
Trust scores
Every member institution has a trust score visible to other members. Trust scores are built from multiple factors and updated continuously.
Transaction Completion
Guilds that consistently follow through on deal commitments and complete transactions in good faith receive higher trust ratings.
Counterparty Feedback
After each transaction, counterparties provide confidential feedback on professionalism, responsiveness, and deal quality. Feedback is aggregated and anonymized.
Platform Tenure
Longer-standing members with a sustained history of activity and compliance contribute to a higher trust rating over time.
Compliance Record
Guilds that maintain clean regulatory standing and adhere to platform policies receive positive compliance signals in their trust profile.
Questions about our security practices?
Our team is available to discuss security infrastructure, compliance capabilities, and data handling in detail.