Certifications
- SOC 2 Type II — annually audited controls.
- PCI-DSS Level 1 — top-tier card data handling.
- ISO 27001 — information security management.
- GDPR ready — data residency on request.
How accounts are isolated
Row-level security in the database means an account holder can only ever read their own account and transactions. Admin actions live in a physically separate console with its own access policy.
Responsible disclosure
Report issues to security@indigoescrow.example. We acknowledge within 24 hours and credit researchers in our public hall of fame.