Zentru

Information Security Program

GLBA Safeguards Rule · 16 C.F.R. Part 314 · v1

Designated coordinator

A named Information Security Coordinator oversees this program and reports annually.

Risk assessment

Reviewed at least annually and after any material system change. Threats include: credential theft, key loss, insider misuse, third-party compromise, and Stellar network outages.

Technical safeguards

  • TLS 1.2+ in transit. AES-256 at rest for sensitive payloads.
  • Row-level security on every customer-facing table; service-role access scoped to verified webhooks.
  • SHA-256 hashing of every legally significant document; hashes anchored to Stellar memos.
  • Webhooks authenticated with HMAC-SHA256 and constant-time comparison.
  • Daily seal-integrity job re-verifies document hashes against the ledger.

Administrative safeguards

  • Role-based access (grantor, trustee, beneficiary, attorney, admin).
  • Quarterly access review.
  • Mandatory background screening for any role with admin database access.
  • Incident response runbook with 72-hour notification target.

Service provider oversight

Database hosting, KYC, OFAC, payments, and notary partners are contractually bound to safeguards consistent with this program. We review their attestations annually.

NO LEGAL ADVICE. Zentru is a document assistant and software tool-kit under W. Va. Code §30-2-4. We are not a law firm and do not provide legal or tax advice. Generated documents must be reviewed by a WV-licensed attorney before they carry legal effect. Consult a licensed attorney and CPA before relying on any output of this platform.