Security
Designed for controlled settlement, auditability and operational trust.
Valtis combines authenticated access, protected deal roles, hashed evidence, activity logs and treasury workflows to make settlement activity visible and accountable.
JWT authenticationEvidence hashingAudit trailTRON USDT V1
Security model
Access
Authenticated deal rooms
Participants can only access deals where they are assigned as Client / Payer, Provider / Receiver or admin.
Evidence
File hashing
Uploaded evidence is stored with a SHA-256 hash to support document integrity and audit trail checks.
Ledger
Settlement accounting
Releases, platform fees, payouts and treasury movements are tracked with structured ledger entries.
Invites
Link + passcode
Counterparty access uses an invite link and separate passcode so invite sharing can be operationally controlled.
Treasury
Controlled payout flow
Payouts move through preparation, review, broadcast and confirmation stages.
Production
Mainnet safety gates
Mainnet settings are blocked unless production flags, secrets, origins and network configuration pass startup safety checks.
Launch security commitments
Before live mainnet usage, production deployment should enforce these controls.
Production-only HTTPS
Valtis should run behind HTTPS with strict production origins for the frontend and API.
No spoofable header auth
Public deployment should use JWT authorization and disable legacy local-development header fallback.
PostgreSQL production database
Public escrow state should run on PostgreSQL, not local SQLite.
Secret rotation before launch
Any testnet keys, pasted secrets or development wallet keys must be replaced before public deployment.
Report security concerns
For security reports, contact security@valtis.io. Do not include private keys, seed phrases or sensitive customer data in email.