Security and Trust Controls
stxact combines cryptographic receipts, deterministic dispute rails, and exportable audit records for accountable service execution.
Signed Receipts
Receipts are signed and validated against seller identity to prevent tampering.
Dispute Authorization
Refund actions require canonical message signing to preserve non-repudiation.
Audit Exports
CSV/JSON/bundle exports include timestamps and verification context for compliance review.
Operational Security Baseline
Maintain wallet key custody with hardware-backed or institutional signer controls.
Use TLS for all service endpoints and rotate compromised keys immediately.
Monitor receipt verification failures and investigate principal mismatches without delay.
Run pre-mainnet penetration testing and third-party review before handling production treasury flows.
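An added example (not stxact's own code) of the receipt check described under Signed Receipts, returning a separate reason for each failure so that principal mismatches can be monitored on their own. The page does not give stxact's receipt format or signature scheme, so the Ed25519 keys, the sorted-key JSON canonical form, the fields (seller, amount, nonce), the principal names and the registry are all assumptions.

```javascript
const crypto = require('node:crypto');
// Assumed canonical form: object keys sorted recursively, no whitespace, so the
// signer and the verifier hash identical bytes whatever the field order.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

function signReceipt(body, privateKey) {
  const sig = crypto.sign(null, Buffer.from(canonicalize(body)), privateKey);
  return { body, signature: sig.toString('base64') };
}

// registry: Map of seller principal -> public key (hypothetical trust store).
// Returns a distinct reason per failure so monitoring can count each separately.
function verifyReceipt(receipt, expectedSeller, registry) {
  const { body, signature } = receipt || {};
  if (!body || typeof signature !== 'string') return 'malformed';
  if (body.seller !== expectedSeller) return 'principal_mismatch';
  const key = registry.get(expectedSeller);
  if (!key) return 'unknown_seller';
  const ok = crypto.verify(null, Buffer.from(canonicalize(body)), key,
    Buffer.from(signature, 'base64'));
  return ok ? 'valid' : 'bad_signature';
}

// Constructed sample data: two sellers with freshly generated Ed25519 keys.
function runConstructedCases() {
  const a = crypto.generateKeyPairSync('ed25519');
  const b = crypto.generateKeyPairSync('ed25519');
  const registry = new Map([['seller-a', a.publicKey], ['seller-b', b.publicKey]]);
  const good = signReceipt({ seller: 'seller-a', amount: '1500', nonce: 'n-001' }, a.privateKey);
  const reordered = { body: { nonce: 'n-001', amount: '1500', seller: 'seller-a' }, signature: good.signature };
  const tampered = { body: { ...good.body, amount: '15' }, signature: good.signature };
  const forged = signReceipt({ seller: 'seller-a', amount: '1500', nonce: 'n-002' }, b.privateKey);
  const otherSeller = signReceipt({ seller: 'seller-b', amount: '1500', nonce: 'n-003' }, b.privateKey);
  return {
    good: verifyReceipt(good, 'seller-a', registry),
    reordered: verifyReceipt(reordered, 'seller-a', registry),
    tampered: verifyReceipt(tampered, 'seller-a', registry),
    forged: verifyReceipt(forged, 'seller-a', registry),
    otherSeller: verifyReceipt(otherSeller, 'seller-a', registry),
  };
}
console.log(runConstructedCases());
```

The forged case names seller-a in the body but is signed with another key, so it fails as bad_signature, while a correctly signed receipt from a different seller fails as principal_mismatch.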