Cartera: Intelligent debt recovery

Security Center

Our sovereign infrastructure protects your data with 12 Command Centers, aligned with the most demanding industry standards.

24/7 Monitoring, TLS 1.3, Zero-Trust, AI Security, 11 Frameworks

Command Centers

CC-01
Infrastructure Shield
Sovereign bare-metal infrastructure. Zero-trust networking with encrypted WireGuard mesh. No third-party dependency.
Bare-Metal, WireGuard, Zero-Trust
CC-02
Cryptographic Barrier
Mandatory TLS 1.3 with HSTS Preload (2 years). Encryption at rest. JWT with audience and issuer validation.
TLS 1.3, HSTS Preload, JWT
CC-03
Identity & Access
SSO via Authentik OIDC. Role-Based Access Control (RBAC) per endpoint. Privilege separation.
OIDC SSO, RBAC, Sovereign
CC-04
Network Defense
Hot-reloadable Blacklist/Whitelist. Per-IP rate limiting. Adaptive anomaly detection. DDoS mitigation.
Blacklist, Rate Limit, Anti-DDoS
CC-05
AI Security
Prompt injection defense. Hallucination guardrails. Output filtering. Domain-bound agent confinement.
Anti-Injection, Hallucination Guard, Output Filter
CC-06
Data Integrity
Parameterized queries (zero SQLi). Input sanitization. Length limits. HTML stripping.
Anti-SQLi, Sanitization, Parameterized
CC-07
Observability & Audit
Structured logging. X-Request-Id traceability per request. Persistent audit to Memento.
Audit Trail, Request Tracing, Memento
CC-08
Traffic Intelligence
Real-time analytics per host and path. Behavioral baseline. Anomaly scoring.
Real-Time, Anomaly Score, Auto-Escalate
CC-09
Disaster Recovery
15min RTO for critical services. Zero RPO (PostgreSQL WAL). 6h automated backups. Argus failover.
RTO 15min, RPO Zero, Auto-Backup
CC-10
Vulnerability Mgmt
Automated self-attack: port scanning, SQLi/XSS probes, TLS audit, path traversal, CORS.
Pentest, Port Scan, TLS Audit
CC-11
Responsible Disclosure
Coordinated disclosure. security.txt RFC 9116. Direct security reporting contact.
RFC 9116, Coordinated, PGP
CC-12
Compliance Matrix
11 frameworks mapped: ISO 27001, PCI DSS v4, SOC 2, OWASP, NIST, CIS, GDPR, ISO 27017/18, HIPAA, ISO 22301, NIST CSF.
ISO 27001, PCI DSS, SOC 2, +8

Disaster Recovery

RTO (Critical Services): 15 min, SEV-1
RPO (Data Loss): 0, PostgreSQL WAL
Automated Backups: 6h, Encrypted
Mandatory Postmortem: 48h, SEV-1/2

4-level incident classification (SEV-1 to SEV-4). Automated alerts via Telegram and WhatsApp. Mandatory blameless postmortem within 48h for SEV-1/SEV-2.

Compliance Frameworks

Our security posture aligns with 11 recognized frameworks. References indicate operational alignment, not implied certification.

ISO/IEC 27001: ISMS Governance
PCI DSS v4.0: Payment Data
SOC 2 Type II: Security & Availability
OWASP ASVS v4: App Verification
NIST 800-53: Federal Controls
CIS Controls v8: Cyber Hygiene
GDPR Art. 25/32: Protection by Design
ISO 27017/18: Sovereign Cloud
HIPAA: Health Data
ISO 22301: Continuity
NIST CSF v2.0: Full Framework

Data Protection

El Cartera applies data minimization, role-based access controls, and retention practices designed to protect user data and operational activity.

Responsible Disclosure

If you identify a vulnerability, we ask for a responsible, private report. We evaluate each finding and coordinate fixes before any public disclosure.

Our security.txt follows the RFC 9116 standard.

Found a vulnerability?

Send us a responsible report to vilapaulo@gmail.com