Trust Center

Security, privacy & compliance, documented.

Everything your procurement and compliance teams need to review AMLRegister in one place. For specific questions, contact compliance@amlregister.com.

Security programme

ISO 27001-aligned

Encryption

TLS 1.2+ in transit · at-rest sensitive fields

Primary region

UK & EEA

DPO

dpo@amlregister.com

Certifications & attestations

Third-party reports available to enterprise customers under NDA. Contact your account manager or compliance@amlregister.com for copies.

SOC 2 Type I

Completed Q1 2026

Current

SOC 2 Type II

Engagement underway · Q4 2026

In progress

ISO/IEC 27001:2022

Roadmap · targeted Q3 2026

In progress

GDPR / UK GDPR

Ongoing compliance

Current

Annual penetration test

Independent CREST-accredited firm

Current

FCA Innovation Pathway

Admitted 2025

Current

Sub-processors

Third parties who process personal data on our behalf under written contracts. We notify enterprise customers of any changes at least 30 days in advance.

Name	Purpose	Region
Render	Application hosting & persistent storage	EU / UK	Visit
Alchemy	Ethereum & EVM on-chain data	US	Visit
TRONGrid	Tron on-chain data	Global	Visit
Blockstream	Bitcoin on-chain data	Global	Visit
Blockchair	Multi-chain reference data (LTC, DOGE)	Global	Visit
XRPScan	XRP ledger data	Global	Visit
Solana Foundation RPC	Solana mainnet-beta RPC	Global	Visit

Policies & documents

Our policies are public. Download or link to them directly for your compliance file.

Data Processing Agreement (DPA)

Article 28 GDPR processor terms for enterprise customers.

What data we collect, legal bases, retention, and your rights.

AML Policy

Our own AML programme and obligations.

KYC Policy

Enterprise customer due-diligence procedures.

Acceptable Use Policy

Community and abuse-prevention rules for the Service.

Risk Disclosure

Limitations of the risk score and appropriate use.

Regulatory Compliance Statement

Regulatory framework awareness and engagement posture.

Incident response

We operate a documented incident response plan covering triage, containment, eradication, recovery, and lessons-learned. Customer notifications are governed by contract and applicable data-protection law, with breach-of-personal-data notifications made within 72 hours where required.

Service status

Responsible disclosure

We welcome security research. Our coordinated-disclosure policy protects good-faith researchers and commits to an acknowledgement within 3 business days and a first assessment within 14 days.

Security disclosure policy

Need a vendor security questionnaire?

We respond to SIG Lite, CAIQ and custom questionnaires within 5 business days.

Contact compliance team

Trust Center

Security, privacy & compliance, documented.

Everything your procurement and compliance teams need to review AMLRegister in one place. For specific questions, contact compliance@amlregister.com.

Security programme

ISO 27001-aligned

Encryption

TLS 1.2+ in transit · at-rest sensitive fields

Primary region

UK & EEA

DPO

dpo@amlregister.com

Certifications & attestations

Third-party reports available to enterprise customers under NDA. Contact your account manager or compliance@amlregister.com for copies.

SOC 2 Type I

Completed Q1 2026

Current

SOC 2 Type II

Engagement underway · Q4 2026

In progress

ISO/IEC 27001:2022

Roadmap · targeted Q3 2026

In progress

GDPR / UK GDPR

Ongoing compliance

Current

Annual penetration test

Independent CREST-accredited firm

Current

FCA Innovation Pathway

Admitted 2025

Current

Sub-processors

Third parties who process personal data on our behalf under written contracts. We notify enterprise customers of any changes at least 30 days in advance.

Name	Purpose	Region
Render	Application hosting & persistent storage	EU / UK	Visit
Alchemy	Ethereum & EVM on-chain data	US	Visit
TRONGrid	Tron on-chain data	Global	Visit
Blockstream	Bitcoin on-chain data	Global	Visit
Blockchair	Multi-chain reference data (LTC, DOGE)	Global	Visit
XRPScan	XRP ledger data	Global	Visit
Solana Foundation RPC	Solana mainnet-beta RPC	Global	Visit

Policies & documents

Our policies are public. Download or link to them directly for your compliance file.

Data Processing Agreement (DPA)

Article 28 GDPR processor terms for enterprise customers.

What data we collect, legal bases, retention, and your rights.

AML Policy

Our own AML programme and obligations.

KYC Policy

Enterprise customer due-diligence procedures.

Acceptable Use Policy

Community and abuse-prevention rules for the Service.

Risk Disclosure

Limitations of the risk score and appropriate use.

Regulatory Compliance Statement

Regulatory framework awareness and engagement posture.

Incident response

Service status

Responsible disclosure

We welcome security research. Our coordinated-disclosure policy protects good-faith researchers and commits to an acknowledgement within 3 business days and a first assessment within 14 days.

Security disclosure policy

Need a vendor security questionnaire?

We respond to SIG Lite, CAIQ and custom questionnaires within 5 business days.

Contact compliance team