Encryption
Industry-standard encryption at every layer.
Encryption Specifications
Layer Algorithm Key Management
At Rest AES-256-GCM AWS KMS
In Transit TLS 1.3 Certificate rotation (90d)
Signatures RSA-SHA256 AWS KMS (4096-bit)
Hash Chain SHA-256 N/A (deterministic)Key Management
- All keys managed via AWS KMS (FIPS 140-2 Level 3)
- Automatic key rotation every 90 days
- Keys never leave KMS hardware security modules
- Separate keys per customer for Enterprise tier