Trust at DarkCoders

Compliance posture

SOC 2 Type II ISO 27001:2022 NIST CSF 2.0 NCA ECC 2.0 PCI DSS 4.0 GDPR HIPAA

Current control coverage by framework:

• SOC 2 Type II: 94%
• ISO 27001:2022: 87%
• NIST CSF 2.0: 91%
• NCA ECC 2.0: 78%
• PCI DSS 4.0: 82%

Sub-processors

Current list of all third parties processing customer data on our behalf:

View sub-processor list →

30-day notice before adding any new sub-processor.

Security architecture

• FIDO2 + WebAuthn mandatory for all admin actions
• TLS 1.3 with hybrid Kyber+X25519 (PQC-ready)
• mTLS between all internal services
• Z.246 hash-chain audit fabric (tamper-evident)
• Z.395 cross-tenant audit anchor
• Z.395 Sigstore cosign signed PDF reports
• Per-tenant Vault namespace + KV-v2
• Daily backup + 90-day retention
• 15-minute RTO / 1-minute RPO failover

Data residency

Pick your region at signup. Cross-region data movement is enforced at the storage layer (Z.329 Data Residency Enforcement).

• fra1 (EU Frankfurt) - active
• nyc1 (US East) - 2027 Q1
• sgp1 (APAC Singapore) - 2027 Q2
• lon1 (UK) - 2027 Q3
• syd1 (AU) - 2027 Q4

Responsible disclosure

Found a vulnerability? Report it confidentially via our security.txt:

• /.well-known/security.txt
• PGP-encrypted email: security@darkcoders.io
• Telegram: @darkcoders_ciso_bot

We acknowledge within 24 hours and credit reporters in our security advisories.

Audit access

Enterprise + MSSP customers receive read-only auditor portal access on request:

• SOC 2 Type II evidence package
• ISO 27001 control attestation
• NCA ECC alignment report
• Architecture overview + DPIA

Request attestation →

Bug bounty

Coming Q3 2026. Will run on HackerOne with tiered rewards:

• Critical: $5,000-$20,000
• High: $1,500-$5,000
• Medium: $300-$1,500
• Low: $50-$300

Live operational data

Status page: status.darkcoders.com

Open API: api.darkcoders.io

Audit chain head: tamper-evident block emitted every action