Security & Privacy

We protect users' funds and privacy with layered security controls and strict operational procedures. Our systems and processes undergo multiple audits every year.

Key services
that drive results
Overview
Wallet Security

We use hardened hardware security modules (HSMs) to store master keys, derive signing keys, and run the policy engine.

Multi-party approval uses off-chain quorums backed by hardware tokens. This keeps governance logic invisible on-chain.

Key generation and backups procedures follow the CMTA DACS standard and are ISAE 3402-audited.

Support for hot and cold setups, always with in-HSM keys.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Infrastructure Security

Our IT infrastructure runs on Tier III and IV data centers in Switzerland.

Strong authentication and segregation of duty across the board. 24/7 security monitoring and IR.

Audited SSDLC processes. CI/CD pipelines integrating automated scans and supply-chain controls.

Supplier due diligence and monitoring with joint security tests and on-site assessments.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Operations Security

Three lines of defense model: process owners, risk & compliance, internal & external audit.

All staff pass background checks and receive training in security, with focused sessions on data protection, OPSEC, cryptography.

Processes and policies aligned with or exceeding banking standard, from access and change management to BCP and threat intelligence.

Multiple DRP tests every year, incl. data center failover and signing keys recovery.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Third-Party Audits

Independent teams assess our systems: pentests, code audits, red teaming. Reports are shared with clients.

Users of Taurus-PROTECT clients can access all its source code and organize third-part tests.

Critical software built under auditor oversight, using reproducible builds. Certification report shared with clients.

At least 10 third-party security tests every year.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Security Research

Taurus Labs runs applied research projects and collaborates with leading academics, practitioners, and blockchain organizations.

Topics include: multi-party computation, hardware security, post-quantum cryptography, zero-knowledge proofs, private tokens, and automation.

We publish open-source software, research papers, and speak at global events.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Unmatched security & compliance

Compliance and certifications

ISAE 3402 Type II
isae-3402

Standard for risk assurance and internal controls

FIPS 140-2 Level 3
fips

Top-tier security standard for HSM devices

^
CMTA DACS
cmta-dacs

CMTA Digital Assets Custody Standard, ensuring safe custody procedures and technology security

ISO 27001
iso-27001

The globally trusted standard for information security

Security & Privacy

We protect users' funds and privacy with layered security controls and strict operational procedures. Our systems and processes undergo multiple audits every year.

Key services
that drive results
Overview
Wallet Security

We use hardened hardware security modules (HSMs) to store master keys, derive signing keys, and run the policy engine.

Multi-party approval uses off-chain quorums backed by hardware tokens. This keeps governance logic invisible on-chain.

Key generation and backups procedures follow the CMTA DACS standard and are ISAE 3402-audited.

Support for hot and cold setups, always with in-HSM keys.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Infrastructure Security

Our IT infrastructure runs on Tier III and IV data centers in Switzerland.

Strong authentication and segregation of duty across the board. 24/7 security monitoring and IR.

Audited SSDLC processes. CI/CD pipelines integrating automated scans and supply-chain controls.

Supplier due diligence and monitoring with joint security tests and on-site assessments.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Operations Security

Three lines of defense model: process owners, risk & compliance, internal & external audit.

All staff pass background checks and receive training in security, with focused sessions on data protection, OPSEC, cryptography.

Processes and policies aligned with or exceeding banking standard, from access and change management to BCP and threat intelligence.

Multiple DRP tests every year, incl. data center failover and signing keys recovery.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Third-Party Audits

Independent teams assess our systems: pentests, code audits, red teaming.Reports are shared with clients.

Users of Taurus-PROTECT clients can access all its source code and organize third-part tests.

Critical software built under auditor oversight, using reproducible builds. Certification report shared with clients.

At least 10 third-party security tests every year.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Security Research

Taurus Labs runs applied research projects and collaborates with leading academics, practitioners, and blockchain organizations.

Topics include: multi-party computation, hardware security, post-quantum cryptography, zero-knowledge proofs, private tokens, and automation.

We publish open-source software, research papers, and speak at global events.

Icons - protect
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Line 644 Line 645 Line 646 Line 647 Line 649 Line 650 Line 651 Line 652 Line 653 Line 648
Unmatched security & compliance

Compliance and certifications

ISAE 3402 Type II
isae-3402

Standard for risk assurance and internal controls

FIPS 140-2 Level 3
fips

Top-tier security standard for HSM devices

CMTA DACS
cmta-dacs

CMTA Digital Assets Custody Standard, ensuring safe custody procedures and technology security

ISO 27001
iso-27001

The globally trusted standard for information security

Brand

Security & Privacy

We protect users' funds and privacy with layered security controls and strict operational procedures. Our systems and processes undergo multiple audits every year.

Key services
that drive results
Wallet Security
Mobile-protect

We use FIPS 140-2 Level 3-certified HSMs to custody and protect master keys, perform key derivation, and run our policy engine.

We harden HSMs with our proprietary firmware extension, enforcing secure configurations and reducing their attack surface.

Signatures via hardware tokens enable multi-party approval using quorum logic, which remains invisible in blockchain data.

Our key generation and backup processes are ISAE 3402 certified.

Infrastructure Security
Mobile-protect

Our IT infrastructure runs on Tier III and IV data centers in Switzerland.

Strong authentication and segregation of duty across the board. 24/7 security monitoring and IR.

Audited SSDLC processes. CI/CD pipelines integrating automated scans and supply-chain controls.

Supplier due diligence and monitoring with joint security tests and on-site assessments.

Operations Security
Mobile-protect

Three lines of defense model: process owners, risk & compliance, internal & external audit.

All staff pass background checks and receive training in security, with focused sessions on data protection, OPSEC, cryptography.

Processes and policies aligned with or exceeding banking standard, from access and change management to BCP and threat intelligence.

Multiple DRP tests every year, incl. data center failover and signing keys recovery.

Third-Party Audits
Mobile-protect

Independent teams assess our systems: pentests, code audits, red teaming.Reports are shared with clients.

Users of Taurus-PROTECT clients can access all its source code and organize third-part tests.

Critical software built under auditor oversight, using reproducible builds. Certification report shared with clients.

At least 10 third-party security tests every year.

Security Research
Mobile-protect

Taurus Labs runs applied research projects and collaborates with leading academics, practitioners, and blockchain organizations.

Topics include: multi-party computation, hardware security, post-quantum cryptography, zero-knowledge proofs, private tokens, and automation.

We publish open-source software, research papers, and speak at global events.

Unmatched security & compliance
Compliance and certifications
ISAE 3402 Type II
isae-3402

Standard for risk assurance and internal controls

FIPS 140-2 Level 3
fips

Top-tier security standard for HSM devices

CMTA DACS
fips

CMTA Digital Assets Custody Standard, ensuring safe custody procedures and technology security

ISO 27001
fips

The globally trusted standard for information security

Brand

Security
& Privacy

We protect users' funds and privacy with layered security controls and strict operational procedures. Our systems and processes undergo multiple audits every year.

Key services
that drive results
Wallet Security
Mobile-protect

We use FIPS 140-2 Level 3-certified HSMs to custody and protect master keys, perform key derivation, and run our policy engine.

We harden HSMs with our proprietary firmware extension, enforcing secure configurations and reducing their attack surface.

Signatures via hardware tokens enable multi-party approval using quorum logic, which remains invisible in blockchain data.

Our key generation and backup processes are ISAE 3402 certified.

Infrastructure Security
Mobile-protect

Our IT infrastructure runs on Tier III and IV data centers in Switzerland.

Strong authentication and segregation of duty across the board. 24/7 security monitoring and IR.

Audited SSDLC processes. CI/CD pipelines integrating automated scans and supply-chain controls.

Supplier due diligence and monitoring with joint security tests and on-site assessments.

Operations Security
Mobile-protect

Three lines of defense model: process owners, risk & compliance, internal & external audit.

All staff pass background checks and receive training in security, with focused sessions on data protection, OPSEC, cryptography.

Processes and policies aligned with or exceeding banking standard, from access and change management to BCP and threat intelligence.

Multiple DRP tests every year, incl. data center failover and signing keys recovery.

Third-Party Audits
Mobile-protect

Independent teams assess our systems: pentests, code audits, red teaming.Reports are shared with clients.

Users of Taurus-PROTECT clients can access all its source code and organize third-part tests.

Critical software built under auditor oversight, using reproducible builds. Certification report shared with clients.

At least 10 third-party security tests every year.

Security Research
Mobile-protect

Taurus Labs runs applied research projects and collaborates with leading academics, practitioners, and blockchain organizations.

Topics include: multi-party computation, hardware security, post-quantum cryptography, zero-knowledge proofs, private tokens, and automation.

We publish open-source software, research papers, and speak at global events.

Compliance
and certifications
ISAE 3402 Type II
isae-3402

Standard for risk assurance and internal controls

FIPS 140-2 Level 3
fips

Top-tier security standard for HSM devices

CMTA DACS
cmta-dacs

CMTA Digital Assets Custody Standard, ensuring safe custody procedures and technology security

ISO 27001
iso-27001

The globally trusted standard for information security