Security
Security architecture and disclosure policy for ANIMA Verify and ANIMA Identity.
Security controls
| Control area | Current status |
|---|---|
| Transport security | TLS + HSTS enabled |
| Application headers | CSP + permissions policy + referrer policy |
| Token security | Signed tokens with replay controls |
| Platform hardening | Rate limiting and authenticated control surfaces |
| SOC 2 Type II | Audit in progress, target Q4 2026 |
| FedRAMP | Pursuing FedRAMP Low authorization — not currently FedRAMP authorized |
Trust evidence and third-party posture references are maintained in the Trust Center.
Vulnerability disclosure
Report issues to security@animaid.to. Policy: /.well-known/security.txt.
Include reproduction steps, impact, and environment context. ANIMA follows coordinated disclosure workflow.