Compliance
Paratro is designed to help organizations meet regulatory and internal compliance requirements for digital asset operations.
Security Standards
SOC 2 Type II
Paratro’s controls are designed to meet SOC 2 Trust Service Criteria:
- Security — MPC key management, RBAC, encryption, network isolation
- Availability — Multi-region deployment, failover, uptime SLA
- Confidentiality — Data encryption, access controls, key share isolation
- Processing Integrity — Transaction verification, policy enforcement, audit trails
Cryptocurrency Security Standard (CCSS)
Paratro aligns with CCSS Level III requirements:
- Key generation using cryptographically secure methods
- Distributed key storage across independent systems
- Multi-factor authentication for sensitive operations
- Comprehensive audit logging
Compliance Features
Audit Logs
Every action is recorded in an immutable audit trail. See Audit Logs for details.
- Full event history for all wallet and transaction operations
- Actor identification with IP address and device info
- Exportable to external SIEM and compliance tools
- Configurable retention periods
Policy Enforcement
Governance policies provide documented, enforceable controls:
- Approval workflows with configurable thresholds
- Spending limits with time-based enforcement
- Address whitelists for destination control
- Time locks for high-value operations
Role-Based Access Control
Granular permissions ensure separation of duties:
- Defined roles: Owner, Admin, Operator, Approver, Viewer
- Custom role definitions (private deployment)
- Segregation between transaction initiation and approval
- Regular access review support
Multi-Factor Authentication
- TOTP-based MFA for all users
- MFA enforcement configurable per organization
- Required for sensitive operations (key rotation, policy changes)
Data Handling
Data Residency
- SaaS — Data hosted in AWS regions with configurable region selection
- Private Deployment — Full data sovereignty in customer infrastructure
Data Encryption
- AES-256-GCM encryption at rest
- TLS 1.3 encryption in transit
- HSM/KMS-backed encryption keys
- Customer-managed encryption keys (private deployment)
Data Retention
| Data Type | SaaS Default | Private Deployment |
|---|---|---|
| Audit logs | 1 year | Configurable |
| Transaction records | Indefinite | Configurable |
| User activity | 90 days | Configurable |
Regulatory Considerations
Paratro’s infrastructure supports organizations subject to:
- Financial services regulations requiring custody controls
- Data protection regulations requiring data residency
- Internal governance requirements for digital asset management
- AML/KYT integration requirements (via third-party providers)