Encrypted at rest
AES-256-GCM with envelope encryption. Keys held in OpenBao with HSM root of trust.
Garden was built under a development constitution that treats every line as if it were handling real money — because it is. The chains of evidence exist before the auditor arrives. We do not ship features that cannot be proven correct after a cold restore.
| Standard | Scope | Owners | Status |
|---|---|---|---|
| SOC 2 Type II | Security · Availability · Confidentiality | Sage · Bean · Vine | audit-ready |
| ISO 27001:2022 | Information security management | All services | audit-ready |
| PCI DSS 4.0 | Card data scope minimization | Chard · Greenhouse | self-assessed |
| ASC 606 / IFRS 15 | Revenue recognition | Bean · Cabbage | built-in |
| GDPR · CCPA · PIPEDA · LGPD | Data subject rights | Turnip · Sage · Basil | live |
| NACHA · Reg E · Reg J | ACH origination | Branches · Chard | live |
| FATF Travel Rule (TRP · TRUST) | Counterparty info exchange | Sage · Greenhouse | live |
| MiCA | EU crypto-asset service provision | Greenhouse · Sage | audit-ready |
| NIST 800-63 / NIST 800-53 | Identity assurance · controls | Turnip | live |
| SOX 404 | Internal controls over financial reporting | Bean · Celery | audit-ready |
TLS 1.3, rustls only. mTLS between Garden services. Pinned certificates for partner integrations.
Every Vine event carries an Ed25519 signature and a per-tenant ordered cursor.
Every write accepts an idempotency key. Replays are safe. Double-charges are mathematically impossible.
Closing a period in Bean produces a blake3 root over every journal entry.
Greenhouse transactions, period closes, and admin changes can require YubiKey or Ledger touch.
Arsenal tokens are minted just-in-time, scoped to action class, time-bound, bound to a principal DID.
Every write records actor, principal, IP, device, and time, with hash linkage to the previous record.
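The idempotency-key replay check and the hash-linked audit record described above, as an added Python sketch that is not Garden's code: the field names, the use of SHA-256 for record linkage (the page names no hash function for this link), and the sample values are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64  # assumed sentinel for "no previous record"


def record_hash(prev_hash: str, body: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the same record always hashes identically.
    payload = json.dumps({"prev": prev_hash, **body}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


@dataclass
class AuditLog:
    records: list = field(default_factory=list)
    seen_keys: dict = field(default_factory=dict)  # idempotency key -> index of the record it produced

    def write(self, idempotency_key, actor, principal, ip, device, time, action):
        """Append one audit record; a replayed key returns the original record and writes nothing."""
        if idempotency_key in self.seen_keys:
            return self.records[self.seen_keys[idempotency_key]], False
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {"key": idempotency_key, "actor": actor, "principal": principal,
                "ip": ip, "device": device, "time": time, "action": action}
        rec = {**body, "prev": prev, "hash": record_hash(prev, body)}
        self.records.append(rec)
        self.seen_keys[idempotency_key] = len(self.records) - 1
        return rec, True

    def verify(self):
        """Walk the chain from genesis; return the index of the first bad record, or None if intact."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
            if rec["prev"] != prev or record_hash(prev, body) != rec["hash"]:
                return i
            prev = rec["hash"]
        return None
```

Editing any stored field, or deleting a record from the middle, breaks either the recomputed hash or the next record's `prev` link, so `verify()` pinpoints the first inconsistent entry.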
We pay for vulnerabilities in proportion to what they could move. The maximum payout is reserved for issues that allow theft of customer funds, bypass of FROST signing, forgery of period seals, or extraction of cryptographic material. Median payouts are $5,000–$25,000.
Cryptography lab
Application security firm
Independent reviewer
Identity-systems specialist
Big-four-affiliated CPA
Accredited certifier