
Security & Compliance

Enterprise-grade security and transparent verification

Blockchain Verified

Every draw permanently recorded on Polygon and Base networks using Chainlink VRF

Enterprise Security

Encryption in transit and at rest, 2FA, and industry-standard security practices

GDPR Compliant

Full compliance with EU data protection laws and Irish DPA 2018

Blockchain Verification

TrustDraw uses blockchain technology to provide cryptographic proof that draw results are fair, transparent, and tamper-evident: any change to a recorded result would be visible on-chain.

Chainlink VRF (Verifiable Random Function)

  • Random values generated by Chainlink's VRF oracles from a public seed and the oracle's secret key
  • Each value carries a cryptographic proof that is verified on-chain before the value is accepted
  • A result cannot be predicted before fulfillment or altered afterwards without invalidating the proof
  • Industry-standard for decentralized randomness

Immutable Blockchain Records

  • Permanent storage on Polygon and Base networks
  • Timestamped and immutable—cannot be altered or deleted
  • Publicly verifiable by anyone with blockchain access
  • Full audit trail for regulatory compliance

Third-Party Verification

Every TrustDraw result includes a public audit link. Anyone can independently verify draw fairness by:

  1. Looking up the transaction hash on Polygonscan or Basescan and confirming it is a Chainlink VRF fulfillment delivered to the contract that records the draw
  2. Verifying the VRF proof: the Chainlink VRF Coordinator contract checks the proof before accepting the random value, so a successful fulfillment transaction is the evidence that neither TrustDraw nor the oracle chose the value
  3. Confirming that the draw parameters (entrants, number of winners) and the published results match the on-chain data, i.e. that the winners are exactly what the on-chain random value produces
  4. Reviewing block timestamps to confirm when the draw was executed

No trust required: the proof and the public record let anyone check the result themselves instead of relying on TrustDraw's word or that of any third party.
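Step 3 is the part an auditor has to do themselves: the VRF Coordinator has already verified the proof on-chain, but nothing on the explorer page tells you whether the published winners are really the ones the on-chain random value produces. The script below, an added example rather than TrustDraw's own code, shows what that check looks like offline. The audit record layout, the winner-selection rule in derive_winners, and every sample value are assumptions: the page does not describe how TrustDraw maps a random word to winners, so a hypothetical rule (draw without replacement, per-round SHA-256 expansion, rejection sampling against modulo bias) stands in for it.

```python
"""Offline check that published draw winners match the on-chain random word.

Added example, not TrustDraw's code. Record format, selection rule and
sample data are assumptions standing in for TrustDraw's real ones.
"""
import hashlib
import re

TX_HASH_RE = re.compile(r"^0x[0-9a-fA-F]{64}$")
EXPLORERS = {  # networks named on the page; explorer base URLs
    "polygon": "https://polygonscan.com/tx/",
    "base": "https://basescan.org/tx/",
}


def derive_winners(random_word: int, entrants: list[str], num_winners: int) -> list[str]:
    """Hypothetical selection rule: draw without replacement, using
    sha256(random_word || round_counter) as each round's randomness and
    rejection sampling so every remaining entrant is equally likely."""
    if num_winners > len(entrants):
        raise ValueError("more winners requested than entrants")
    pool = sorted(entrants)  # canonical order: result independent of submission order
    winners: list[str] = []
    counter = 0
    while len(winners) < num_winners:
        material = random_word.to_bytes(32, "big") + counter.to_bytes(4, "big")
        r = int.from_bytes(hashlib.sha256(material).digest(), "big")
        counter += 1
        n = len(pool)
        limit = (1 << 256) - ((1 << 256) % n)
        if r >= limit:
            continue  # reject values that would bias r % n toward low indices
        winners.append(pool.pop(r % n))
    return winners


def audit(record: dict) -> list[str]:
    """Return the list of failed checks; an empty list means the record verifies."""
    problems: list[str] = []
    chain = record.get("chain")
    if chain not in EXPLORERS:
        problems.append(f"unknown network {chain!r}")
    if not TX_HASH_RE.match(record.get("tx_hash", "")):
        problems.append("tx hash is not a 32-byte hex string")
    rw = record.get("random_word")
    if not isinstance(rw, int) or not 0 <= rw < (1 << 256):
        problems.append("random word is not a uint256")
        return problems  # nothing further can be recomputed
    expected = derive_winners(rw, record["entrants"], record["num_winners"])
    if expected != record["published_winners"]:
        problems.append(
            f"published winners {record['published_winners']} != recomputed {expected}"
        )
    return problems


def explorer_link(record: dict) -> str:
    """Where a human would go to read the fulfillment transaction (step 1)."""
    return EXPLORERS[record["chain"]] + record["tx_hash"]


# Constructed sample data. The random word is a fixed hash, not a VRF output,
# and the tx hash is a placeholder, not a real transaction.
SAMPLE_ENTRANTS = [f"entry-{i:03d}" for i in range(1, 9)]
SAMPLE_RANDOM_WORD = int(hashlib.sha256(b"constructed sample random word").hexdigest(), 16)
SAMPLE_RECORD = {
    "chain": "polygon",
    "tx_hash": "0x" + "ab" * 32,
    "random_word": SAMPLE_RANDOM_WORD,
    "entrants": SAMPLE_ENTRANTS,
    "num_winners": 3,
    # an honest publisher's winners are, by construction, the recomputed ones
    "published_winners": derive_winners(SAMPLE_RANDOM_WORD, SAMPLE_ENTRANTS, 3),
}
# A record whose first winner was swapped for someone who never entered.
TAMPERED_RECORD = {
    **SAMPLE_RECORD,
    "published_winners": ["entry-999"] + SAMPLE_RECORD["published_winners"][1:],
}

if __name__ == "__main__":
    for name, rec in (("honest", SAMPLE_RECORD), ("tampered", TAMPERED_RECORD)):
        print(name, explorer_link(rec), audit(rec) or "OK")
```

In practice the random word and entrant list in the record must be read from the fulfillment transaction and the draw contract's storage, not from TrustDraw's page, otherwise the check only confirms the page is self-consistent. Sorting the entrants before selection is what makes the recomputation reproducible by anyone who holds the same entry list.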

Application Security

Data Protection

  • Encryption in Transit and at Rest
    All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Secure Password Hashing
    Bcrypt (salted by design, with a tunable work factor); passwords are never stored in plain text
  • Two-Factor Authentication (2FA)
    Optional TOTP-based 2FA for enhanced account security
  • Secure Database Access
    Encrypted connections, access controls, and regular backups

Infrastructure Security

  • CSRF & XSS Protection
    Laravel's built-in CSRF tokens and Blade output escaping mitigate these classes of attack
  • Security Monitoring
    Real-time monitoring for suspicious activity and intrusion attempts
  • Regular Security Audits
    Vulnerability assessments and penetration testing
  • API Security
    Token-based authentication, rate limiting, and request validation

Security Best Practices

  • Automated dependency vulnerability scanning
  • Regular security patches and updates
  • Secure coding standards and code reviews
  • Principle of least privilege access controls
  • Secure backup and disaster recovery procedures
  • Incident response and breach notification protocols

Compliance & Standards

GDPR (General Data Protection Regulation)

As an Irish company, TrustDraw fully complies with GDPR and the Irish Data Protection Act 2018. We are committed to protecting your personal data and respecting your privacy rights.

  • Lawful basis for all data processing activities
  • Data minimization—we only collect what's necessary
  • User rights: access, rectification, erasure, portability, objection
  • Data Processing Agreements (DPAs) with all processors
  • Breach notification procedures (72-hour reporting)

View our full Privacy Policy →

PCI DSS (Payment Card Industry Data Security Standard)

We do not directly process or store payment card information. All payment processing is handled by Paddle.com, our certified Merchant of Record, which is fully PCI DSS Level 1 compliant.

  • No credit card data stored on TrustDraw servers
  • Secure payment forms hosted by Paddle
  • PCI DSS Level 1 certified payment processor

ISO/IEC 27001 Security Management

While not yet formally certified, TrustDraw follows ISO 27001 best practices for information security management, including risk assessment, security policies, and continuous improvement.

Industry-Specific Compliance

TrustDraw is designed to support compliance with regulations governing prize draws, lotteries, and gaming:

  • Auditability: Full audit trails for regulatory inspections
  • Fairness: Cryptographically provable random draws
  • Transparency: Public verification links for participants
  • Record Keeping: Permanent blockchain records for compliance

Note: You are responsible for ensuring your use of TrustDraw complies with applicable laws in your jurisdiction.

Responsible Security Disclosure

We take security vulnerabilities seriously. If you discover a security issue, we encourage responsible disclosure and appreciate your efforts to improve our security.

How to Report a Vulnerability:

  1. Email details to info@trustdraw.com with subject line "Security Vulnerability Report"
  2. Include detailed steps to reproduce the issue
  3. Provide any relevant proof-of-concept code or screenshots
  4. Allow us reasonable time to investigate and patch before public disclosure

Please do not: Publicly disclose the vulnerability before we've had a chance to address it, access user data beyond what's necessary to demonstrate the issue, or conduct destructive testing.

We commit to acknowledging your report within 48 hours and providing regular updates on remediation progress. Researchers who follow responsible disclosure will be credited (with permission) in our security acknowledgments.

Questions About Security or Compliance?

Our team is happy to discuss our security practices, compliance certifications, or provide additional documentation for your procurement or legal review.

© 2026 MC2 NB Energy Limited t/a TrustDraw. All rights reserved.