Here is how we protect your funds, your data, and your deals — at every layer of the platform.
Escrow removes the leap of faith from trading with a stranger. Funds are confirmed on-chain, held against the deal, and released only on approval — never on an unverified instruction.
From the moment funds arrive to the moment they're released, each step is verified and logged.
Deposits are matched to the deal and confirmed at the required network depth before funding.
Funds are held against the deal and can never be moved on an unverified instruction.
Money only releases when the buyer approves or the agreed terms are met — with dual-control on large payouts.
Six pillars that protect your money, your data, and the integrity of every transaction.
Funds held in escrow
Buyer funds are confirmed on-chain and held in escrow until the deal terms are met. Money never moves on an unverified instruction.
Server-side, double-entry money
Every amount is computed server-side in the smallest unit and recorded in an append-only double-entry ledger, so balances always reconcile.
Encryption & key management
Sensitive data is encrypted at rest with envelope encryption backed by a master key, and access is scoped on a need-to-know basis.
Privacy by default
The presence of a middleman on a deal is kept private, and counterparties only see what they need to complete the transaction.
Operational integrity
Critical settings are change-controlled with cooldowns and rollback, and background jobs are monitored with alerting and dead-letter handling.
Account protection
Strong password rules, breached-password screening, session controls, and step-up confirmation on sensitive actions protect your account.
We collect the minimum, encrypt the sensitive, and never sell your data.
Encrypted PII
Email and sign-up details are encrypted at rest and only the neutral middleman can view them to run a deal.
Passwords never readable
Passwords are hashed with a modern algorithm and are never visible to anyone — including the operator.
Wallets hidden
Every wallet address and transaction is encrypted and never exposed to another user.
PII access logged
Every time personal info is decrypted or viewed, it is recorded for full accountability.
Hash-chained
Tamper-evident audit logs
Dual-control
On large payouts
Allowlist
Operator withdrawal addresses
Screened
Deposit & payout addresses
Monitored 24/7
Health checks, error tracking, and balance reconciliation against on-chain state.
Incident response
A written plan to detect, contain, and notify if data is ever exposed.
Emergency pause
A circuit breaker can pause deposits, payouts, or a chain during an incident.
Found a vulnerability? We appreciate your help. Please report it privately so we can fix it before it is disclosed. Email security@trustvexa.com with steps to reproduce. Our machine-readable policy is published at /.well-known/security.txt. Please do not access other users’ data, degrade the service, or disclose publicly until we have resolved the issue.
Questions about security or your data? Read our Privacy Policy or contact us.
Escrow-held funds, a neutral middleman, and a tamper-evident audit trail on every deal.