Security
Security at CarveTrace
CarveTrace's job is to produce evidence that survives a regulator, an internal auditor, or a court. That mission only works if the underlying cryptography, the engineering practice, and the operational posture survive the same scrutiny. This page is the honest summary of where we are today — what we have built, what we have proven, and what is on the roadmap. We do not claim certifications we do not hold.
Architecture posture in one sentence
CarveTrace's commercial software is self-hosted on the Customer's own infrastructure. We do not host customer data. We do not have a multi-tenant database holding your evidence. Your decisions, your subjects, and your signing keys never leave your perimeter unless you choose to send them. The independent verifier that runs at verify.carvetrace.com is a static page — everything it does runs in the user's own browser.
Cryptographic choices
| Layer | Choice | Why |
|---|---|---|
| Event signatures | ECDSA over P-256 (secp256r1) with deterministic nonces (RFC 6979) | NIST + ANSSI-recommended ; broad HSM support ; deterministic signatures eliminate one of the historical ECDSA footguns. |
| Hashes | SHA-256 | NIST FIPS 180-4 ; ubiquitous in EU regulator guidance. |
| Chain hash construction | Domain-separated, append-only, per-producer chain ; child events bind to parent by hash. | Resists rebuild attacks ; tampering anywhere in the history is detectable on full re-verify. |
| External time-stamping | RFC 3161 TSA tokens against eIDAS-qualified TSAs (cadence configurable per deployment). | Independent timestamp authority ; produces an attestation that the chain state existed at or before TSA-token issuance, independent of CarveTrace's own clocks. |
| Optional anchoring | OpenTimestamps / Bitcoin block-header inclusion. | Public, third-party-verifiable anchoring for evidence intended to survive vendor failure. |
| Producer key custody | Customer-managed ; PKCS#11 HSM signing supported. | Customer holds the secret. CarveTrace never sees it. Compromise impact is bounded by Customer's HSM policy. |
| Verifier provenance | Three independent implementations (Java, Python frozen at v0.2, WASM in Rust) ; cross-implementation harness in CI produces byte-identical verdicts on every release. | A bug in one implementation does not silently flip a verdict. The WASM verifier is the verifier of record for v0.3+. |
Software supply chain
- All production CarveTrace artifacts are built from tagged commits on protected branches.
- Maven / npm / cargo dependency manifests are pinned ; lockfiles committed.
- Continuous SCA against the dependency graph ; monthly review of advisories.
- Maven release artifacts are signed (PGP) ; release-process detail is in the repository's
RELEASE_PROCESS.mdwhen applicable. - Third-party copyleft components used unmodified ride adjacent to the launcher (not shaded into the uber-jar) so that customers can replace them independently — see our LICENSING.md.
Engineering hygiene
- Every commit goes through automated tests : unit, integration, and the cross-implementation verifier-parity harness (Java ↔ WASM, Java ↔ Python where in scope).
- Static analysis : spotless format enforcement, checkstyle, and language-specific linters as part of the verify-phase build gate.
- Schema evolution discipline : the protocol layer is proto3 with reserved tag ranges ; on-chain event schemas have a stable cryptographic schema_hash that detects out-of-band schema drift between producer and verifier.
- Test pins for representative attack scenarios — producer-identity rejection, oversight-binding hash mismatch, schema-hash drift, NaN confidence — are bundled with the verifier and run on every change.
Operational posture
Aryamind SARL is a small EU-domiciled company. Our internal operational posture reflects that reality honestly :
- EU-resident business email and primary infrastructure (OVHcloud, France).
- Static-site hosting on Cloudflare Pages ; CSP-enforced zero-third-party-script policy on every page.
- Mandatory MFA for all Aryamind personnel on all identity providers ; password-manager mandated.
- Endpoint hardening (full-disk encryption, EDR, automated patching) on every Aryamind workstation.
- Production access goes through audited break-glass paths with logged justifications, retained 12 months.
- Annual third-party penetration test on the verifier surface and on the commercial-software release ; remediation tracked publicly in the relevant repository's
SECURITY.md.
Compliance and certifications
We hold what we say we hold. Today, June 2026 :
| Framework | Status | Target |
|---|---|---|
| GDPR alignment (controller + processor posture) | In place — see Privacy Policy and DPA. | Continuous. |
| ISO/IEC 27001 | Gap-assessed ; controls implemented ; audit not yet undertaken. | Stage-1 audit Q4 2026 ; certificate Q1 2027. |
| SOC 2 Type I | Not started. | Q2 2027 — for US-buyer demand. |
| ISO/IEC 42001 (AI Management System) | Gap-assessed ; rides on the ISO 27001 ISMS once in place. | Following ISO 27001. |
| EU AI Act conformity (when in scope as a downstream supplier) | Aryamind SARL itself is not a provider of a high-risk AI system. CarveTrace is the evidence layer for Customers' high-risk AI systems. | Not directly applicable to Aryamind ; we provide the technical means for Customer's Article 12 + 14 compliance. |
Known limitations and out-of-scope items
Some of these are temporary — the relevant TD entry in the repo tracks them. Others reflect deliberate product scope.
- Single-tenant deployment model. CarveTrace is self-hosted per Customer perimeter. There is no shared multi-tenant database in our hands ; this is a feature for sovereignty, not a deficit.
- No hosted SaaS today. We do not offer a hosted SaaS plane that would require us to be a processor for ordinary product operation. This may change for a future managed-deployment offering — see DPA Section 3.3.
- Python verifier is frozen at v0.2 wire formats. The Java and WASM verifiers are the path forward for v0.3+ ; the Python verifier exists for the historical record and for legacy auditor environments.
- OpenTimestamps / Bitcoin anchoring is opt-in. The default cadence uses RFC 3161 TSA tokens ; OpenTimestamps adds an independent public anchor that is enabled per Customer deployment.
Verify the verifier yourself
The verifier at verify.carvetrace.com is the load-bearing trust handle of CarveTrace. We publish the SHA-256 hashes of every asset shipping at that URL — and the recipe to rebuild the WASM binary from source and confirm parity — on /verifier-integrity. If you don't check, no-one else is going to do it for you.
Vulnerability disclosure
Send security reports to security@aryamind.com. For sensitive disclosures, request our PGP key in your first message and we will send it back from the same address. We commit to :
- Acknowledge receipt within 2 business days.
- Provide an initial triage assessment within 5 business days.
- Agree a disclosure timeline with you ; default 90 days from triage to public disclosure, extended if reasonable mitigation requires it, shortened for actively-exploited issues.
- Credit reporters who wish to be credited in the relevant repository's
SECURITY.md.
We support coordinated disclosure. Please do not run automated scanners against production endpoints (carvetrace.com, verify.carvetrace.com) ; the verifier is a static page and offers no useful attack surface beyond what your browser already exposes.
If you are a buyer doing a security review
The fastest path is to email security@aryamind.com with your security questionnaire (CAIQ, SIG, your bespoke template — any format). We answer within 5 business days. For ISO 27001-style questions we include the current gap-assessment status honestly ; we do not represent in-progress controls as certified.