Attestor Security
The Union Attestor ensures compliance.
Although the attestor is critical to the protocol's AML guarantees, it is not required for the security of the protocol. The attestor runs in a hardened environment that relies on:
- Encryption at rest: all data is always stored encrypted.
- Asymmetric encryption of user data: all provided user transfer data is encrypted with an asymmetric key. This ensures that database admins cannot read the data. The decryption key is stored offline and never touches the attestor cloud infrastructure.
- No public package usage: the attestor does not rely on NPM or other package registries and contains all source code needed to operate. This ensures there are no supply chain risks.
- Source-available for enterprise users.
Enterprise users can also run the attestor on-premises.
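
The asymmetric-encryption item above, sketched as an added example (not the attestor's own code): the online write path holds only a public key, so rows in the database cannot be read without the offline private key. It uses only Node's built-in `crypto` module; RSA-OAEP wrapping a per-record AES-256-GCM key and the names `sealRecord` and `openRecord` are assumptions, since the page does not name its algorithms.

```javascript
// Added illustration, not the attestor's code. RSA-OAEP wrapping a per-record
// AES-256-GCM key is an assumed scheme; the page does not name its algorithms.
const crypto = require("node:crypto");

const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" });

// Write path (online service): holds only the public key.
function sealRecord(publicKeyPem, record) {
  const dataKey = crypto.randomBytes(32); // fresh AES-256 key per record
  const iv = crypto.randomBytes(12); // 96-bit GCM nonce
  const cipher = crypto.createCipheriv("aes-256-gcm", dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(record), "utf8"), cipher.final()]);
  // The returned row is everything a database admin can see.
  return {
    wrappedKey: crypto.publicEncrypt(oaep(publicKeyPem), dataKey).toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ciphertext: ciphertext.toString("base64"),
  };
}

// Read path (offline machine): the only place the private key exists.
function openRecord(privateKeyPem, row) {
  const dataKey = crypto.privateDecrypt(oaep(privateKeyPem), Buffer.from(row.wrappedKey, "base64"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", dataKey, Buffer.from(row.iv, "base64"));
  decipher.setAuthTag(Buffer.from(row.tag, "base64"));
  const plaintext = Buffer.concat([
    decipher.update(Buffer.from(row.ciphertext, "base64")),
    decipher.final(), // throws if the stored row was modified
  ]);
  return JSON.parse(plaintext.toString("utf8"));
}

// Constructed demo; the key pair is generated in-process only so this runs offline.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 3072,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const record = { sender: "sender-addr-example", amount: "1000", denom: "uexample" }; // constructed
  const row = sealRecord(publicKey, record);
  return { publicKey, privateKey, record, row, recovered: openRecord(privateKey, row) };
}
```

In a real deployment the private key would be generated on the offline machine and only the public PEM copied to the service.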