Honest security posture is a precondition for institutional trust. We will not claim a compliance certification we do not hold, nor will we use vague language to imply one. This page is the durable answer to procurement questions.
···
In production today
LiveImmutable receipts
Every recommendation produces a receipt at a permanent /r/<id> URL. The receipt body cannot be edited after write — write-once enforced at the database layer.
LiveHash chain
Every receipt computes a sha256 over its canonical immutable block and references the predecessor hash within its session. Any post-hoc edit breaks the chain visibly.
LiveEngine pin
Methodology version, agent build SHA, model id, prompt version, and tool-stack hash are stored on every receipt. A receipt is replayable iff each value is still resolvable.
LiveDrift anchors
Each receipt declares the provider/market facts it depended on, with per-field materiality thresholds. The drift engine evaluates these on read and writes a successor receipt — never mutates the original — when a watched field crosses materiality.
LiveRow-level security
Database access is gated by Supabase RLS policies. Public reads are restricted to is_public=true rows; service-role writes are explicit and scoped.
LiveMethodology transparency
Versioned methodology with a public changelog. Every weighting and eligibility change bumps the version; receipts pin the version active at write time.
In progress
In progressSource archive (institutional tier)
Snapshot every cited URL at fetch time so audit does not depend on the public web staying intact. Schema and storage table are deployed; the snapshotting cron is the next build.
In progressAppend-only governance log
Role-based events (requested, approved, rejected, exported, escalated) attached to each receipt. Schema deployed; UI lands when the first institutional pilot needs it.
In progressPDF committee brief
Server-rendered PDF directly from a receipt id, with the full audit trail attached as an appendix. Target: Q3.
Planned (will start at first pilot)
PlannedSOC 2 Type II
Not started. We will engage an auditor and build a readiness program once we have a paying institutional pilot to anchor it. Estimated 9–12 months from kickoff to Type II report.
PlannedGDPR DPA + sub-processor list
Standard contract surface for EU institutional buyers. Will produce on first pilot request.
PlannedPublic-key signing of receipts
Cryptographic non-repudiation: every receipt signed by an engine key whose public half is published. Useful for audit; not in v1.
PlannedPenetration test
Third-party pen test of the API and receipt surfaces. Will commission ahead of the first signed pilot.
Disclosures
ChainChoice does not provide investment advice and does not custody assets. We are pre-pilot and pre-revenue at the institutional tier. We hold no SOC 2, ISO 27001, or equivalent certification today. Any claim implying otherwise should be treated as an error and reported to trust@chainchoice.io.
Last reviewed 2026-05-03. Material changes are versioned in the methodology changelog.
⚖ChainChoice provides informational content only. Nothing on this site constitutes financial, investment, legal, or tax advice. Always do your own research and consult a qualified professional before making financial decisions.
//Analytics consent·GDPR · ePrivacy · TTDSG
ChainChoice uses anonymous, first-party analytics to measure how the engine is used (page views, conversions, referrer). No third-party trackers, no advertising cookies, no data resale. Rankings are identical whether you accept or decline.