Security

Six layers shielding every piece of evidence

Three-tier encryption, blockchain anchoring, immutable storage, traceable chain of custody, legal compliance, and open source — from the capture click to courtroom presentation.

Multi-Level Encryption

Data in transit, at rest, and at signing — each state has a dedicated algorithm, with no blind spot.

TLS 1.3

Most secure protocol available for data in transit

AES-256

Standard of governments and financial institutions for data at rest

ML-DSA-87

Post-quantum digital signature approved by NIST (FIPS 140-3)

Multi-Blockchain Registration

Every evidence is anchored simultaneously in three independent public blockchain networks.

Polygon

Primary network — SHA-256 hash registered on-chain

Arbitrum

Secondary network — redundancy and cross-verification

Optimism

Tertiary network — independent of Lexato for verification

Immutable Storage

Infrastructure designed to physically prevent any alteration or deletion of data.

Object Lock

Prevents deletion even by system administrators

Brazil

Servers located in Brazil — compliance with national legislation

Redundancy

Multiple copies in geographically distinct data centers

Digital Chain of Custody

Complete and inviolable tracking of every action on the evidence, from registration to access.

Auditing

Trail with IP, timestamp, and user identification

Tracking

Log of every view, download, and share

Art. 158-F CPP

Compliance with chain of custody under the Anti-Crime Package (Brazil)

Legal Compliance

Operation in full compliance with Brazilian data protection and digital evidence standards.

LGPD

Law 13.709/2018 — personal data protection

ISO 27037

Guidelines for identification and preservation of digital evidence

ICP-Brasil

RFC 3161 timestamp — public faith recognized nationally

Open Source Application

Total transparency. The application code is open and auditable by any expert.

GitHub

Public source code — auditable by forensic experts and developers

Transparency

No hidden dependencies — every line of code is verifiable

Community

Vulnerabilities identified and fixed quickly

Security Practices

Security at every layer

How each control works in practice — certifications, encryption, infrastructure, access, audit, response, and retention.

Certifications & Compliance

Compliance with leading international information security standards.

Processes aligned with ISO 27001 for information security management
Controls compatible with SOC 2 Type II for data protection
Full compliance with Brazil's LGPD (Law 13,709/2018)

Data Encryption

TLS 1.3 protects communication, AES-256 protects storage, and ML-DSA-87 signs each capture — three algorithms, three states, no overlap.

TLS 1.3 for all data in transit between client and server
AES-256 encryption for data at rest on servers
Post-quantum digital signature ML-DSA-87 (FIPS 140-3)

Infrastructure Security

AWS and Vercel host the operation — providers already audited for SOC 2 and ISO 27001, no need to reinvent controls from scratch.

Hosted on AWS and Vercel with SOC 2 and ISO 27001 certifications
Servers located in Brazil for compliance with national legislation
Geographic redundancy with multiple availability zones

Access Control

Robust authentication and granular permission controls to protect data access.

Multi-factor authentication (MFA) available for all accounts
Role-based access control (RBAC) for teams
Sessions with automatic expiration and secure JWT tokens

Audit Logging

Every operation on the platform is logged with IP, timestamp, and user — immutable records, exportable for forensics or compliance.

Immutable log of all operations with IP, timestamp and identification
Audit trail for each piece of evidence: creation, access and sharing
Exportable audit reports for compliance and legal proceedings

Incident Response

Structured security incident response plan with continuous monitoring.

24/7 monitoring with automatic alerts via Sentry and AWS CloudWatch
Incident response plan with notification SLA within 72 hours
Periodic security testing and vulnerability analysis

Data Retention

Clear data retention and deletion policies in compliance with LGPD.

Evidence stored with Object Lock — immutable for the contracted period
Secure deletion of personal data upon data subject request
Transparent retention policy with defined timelines by data type

Certifications and Standards

AES-256

FIPS 140-3

ICP-Brasil

LGPD

ISO 27037

RFC 3161

Ready to register with forensic-grade security

Create your account and capture your first piece of evidence with encryption, blockchain, and chain of custody already in place.

Start Now