Trust & Compliance

NexToken is built for Singapore-regulated enterprises. Security, compliance, and data sovereignty are not features — they are the foundation.

🔒
Data Sovereignty
All data is processed and stored exclusively in AWS ap-southeast-1 (Singapore). No data leaves the jurisdiction. Aurora PostgreSQL Multi-AZ with automatic failover ensures zero data loss.
🛡️
Defense in Depth
Eight independent security layers: CloudFront DDoS → WAF → TLS 1.3 → API Key Auth → RBAC → Rate Limiting → Risk Engine → KMS Encryption. No single point of failure.
📋
Immutable Audit Trail
Every API call, every state change, every admin action is logged to an append-only audit trail. No UPDATE or DELETE permissions. Synced to S3 for 7-year retention.
💰
Zero-Debt Architecture
Prepaid wallet model with Redis hard-stop flag. When balance reaches zero, all API calls are rejected within 1ms. No post-pay, no debt accumulation, no billing disputes.
🔐
Key Security
API keys are 256-bit cryptographically random, SHA-256 hashed at rest. Plaintext shown once at creation, never stored. Redis cache with 300s TTL. Instant revocation via DEL.
📊
GST Compliant
Registered for GST with IRAS (Singapore). All invoices include 9% GST for Singapore customers. Full tax invoice with UEN, auto-generated on every top-up.
Compliance Roadmap
Our path to enterprise-grade trust certification
ACRA Registration
✅ Done
Cete Ventures Pte. Ltd. · UEN 202421160G · Singapore-incorporated
IRAS GST
✅ Done
GST registered. All invoices include 9% GST for Singapore entities
PDPA Compliance
🔄 In Progress
Data Protection Officer (DPO) designated. PDPC registration underway. Data processing agreements ready for enterprise customers
MAS PSA
🔄 In Progress
Regulatory counsel retained. FTIG briefing scheduled Q2 2026. SPI licence application targeted Month 6
SOC 2 Type I
📋 Planned
Gap assessment scheduled Q3 2026. Type I report targeted Month 9. Covers security, availability, and confidentiality
SOC 2 Type II
📋 Planned
12-month observation period begins after Type I. Type II report targeted Month 18
AWS Partner (APN)
📋 Planned
Application submitted Q2 2026. Infrastructure runs exclusively on AWS ap-southeast-1

Data Protection Officer

For data protection inquiries, DSAR requests, or compliance questions:

dpo@nextoken.biz

Cete Ventures Pte. Ltd. · UEN 202421160G · Singapore