Compliance

Our commitment to security standards, certifications, and regulatory compliance

Our Compliance Commitment

At Domexec, we are committed to maintaining the highest standards of security, quality, and regulatory compliance.

As a manufacturer of hardware security devices for cryptocurrency storage, we understand the critical importance of adhering to industry standards and regulations. We continuously invest in security audits, certifications, and compliance processes to ensure our products meet and exceed the expectations of our customers and regulatory authorities.

This page outlines our compliance approach, certifications, and regulatory adherence to demonstrate our commitment to security and quality.

Compliance Highlights

  • CC EAL5+ certified secure elements
  • FIPS 140-2 Level 3 compliance
  • ISO 27001 certified operations
  • Regular independent security audits
  • GDPR and CCPA compliant
  • CE, FCC, and RoHS certified

Security Certifications

CC EAL5+ Certification

Our secure element chips are certified under Common Criteria EAL5+ standards, ensuring robust protection against sophisticated hardware and software attacks.

Certification Number: CC-2022-0457-EAL5

FIPS 140-2 Compliance

Our cryptographic modules comply with FIPS 140-2 Level 3 standards, meeting the U.S. government requirements for cryptographic security.

Certification Number: FIPS-140-2023-L3-C792

ISO 27001 Certification

Our information security management systems are ISO 27001 certified, ensuring we maintain rigorous processes for handling sensitive information.

Certification Number: ISO-27001-2024-0319

Regulatory Compliance

  • Product Compliance

    Our hardware wallets comply with international product standards and regulations:

    • CE Marking: All Domexec products are CE certified, meeting all relevant European safety, health, and environmental protection requirements.
    • FCC Certification: Our devices comply with Federal Communications Commission standards for electromagnetic compatibility in the United States.
    • RoHS Compliance: All products meet the Restriction of Hazardous Substances directive, limiting the use of specific hazardous materials in electronic equipment.
    • WEEE Compliance: We adhere to Waste Electrical and Electronic Equipment regulations for responsible disposal and recycling.

  • Data Protection

    We maintain strict compliance with data protection regulations:

    • GDPR Compliance: Our data processing activities comply with the European Union's General Data Protection Regulation, including our website, customer service operations, and firmware updates.
    • CCPA Compliance: We adhere to the California Consumer Privacy Act, respecting California residents' privacy rights.
    • Privacy by Design: Our hardware and software products are designed with privacy as a fundamental principle, minimizing data collection and processing.
    • Data Minimization: Our devices do not collect or transmit user cryptocurrency data, ensuring maximum privacy protection.

  • Financial Regulations

    While Domexec produces hardware wallets and does not provide financial services, we design our products to help users comply with relevant regulations:

    • AML Support: Our companion software includes optional features to help users track transactions for compliance with Anti-Money Laundering requirements.
    • KYC Compatibility: Our devices can be used in conjunction with Know Your Customer compliant services while maintaining security.
    • No Custodial Services: We do not hold or control user funds - users maintain complete control of their private keys.
    • Clear Documentation: We provide clear documentation regarding the non-custodial nature of our products to prevent misunderstanding.

  • Supply Chain Security

    We maintain rigorous supply chain security to prevent tampering or counterfeiting:

    • Secure Manufacturing: Our devices are manufactured in controlled facilities with strict security protocols.
    • Component Verification: We verify the authenticity of all security-critical components before assembly.
    • Tamper-Evident Packaging: All products are shipped in tamper-evident packaging with verification procedures.
    • Secure Distribution: We work only with verified distribution partners and offer direct shipping options.
    • Authentication Features: Our devices include authentication features to verify their authenticity.

  • Environmental Compliance

    We are committed to environmental responsibility:

    • Energy Efficiency: Our devices are designed for low power consumption, extending battery life and reducing environmental impact.
    • Sustainable Materials: We prioritize sustainable and recyclable materials in our product design and packaging.
    • RoHS Compliance: All products comply with RoHS directives, restricting the use of hazardous substances.
    • REACH Compliance: We adhere to the Registration, Evaluation, Authorization and Restriction of Chemicals regulation.
    • Recycling Program: We offer a product recycling program for customers to return end-of-life devices for responsible recycling.

Independent Security Audits

We regularly engage independent security researchers and firms to audit our products.

Hardware Security Audits

Our hardware undergoes rigorous security audits by specialized firms:

  • Physical Attack Resistance: Independent testing of tamper resistance, side-channel attack protection, and hardware vulnerabilities.
  • Secure Element Verification: Verification of secure element implementation and isolation.
  • Random Number Generator Quality: Testing of the true random number generator quality for cryptographic operations.
  • Hardware Backdoor Detection: Comprehensive analysis to ensure no hardware backdoors exist.

Recent Audits:

  • Elite Model Hardware Security Assessment

    CryptoSecure Labs

    March 2025

  • Secure Element Penetration Testing

    HardwareSec Inc.

    November 2024

Firmware & Software Audits

Our firmware and software undergo comprehensive security reviews:

  • Cryptographic Implementation: Verification of cryptographic algorithms and implementations for vulnerabilities.
  • Secure Boot Chain: Assessment of the secure boot process and firmware verification mechanisms.
  • Code Quality: Analysis of code quality, potential vulnerabilities, and security best practices.
  • API Security: Testing of application interfaces for security vulnerabilities.

Recent Audits:

  • Firmware v4.2 Security Assessment

    BlockSec Audit

    April 2025

  • Desktop Application Security Review

    CryptoDefense Partners

    January 2025

We believe in transparency and responsible disclosure. Detailed audit reports are available upon request under NDA for enterprise customers.

Request Audit Information

Bug Bounty Program

We maintain an active bug bounty program to encourage responsible security research.

At Domexec, we recognize that even with extensive testing and auditing, vulnerabilities may still exist. To address this, we've established a bug bounty program that rewards security researchers for responsibly disclosing potential security issues in our products.

Our program covers hardware design, firmware, desktop applications, and mobile applications. Rewards are scaled based on the severity of the vulnerability and the quality of the report.

Reward Ranges:

  • Critical: $5,000 - $50,000
  • High: $1,000 - $5,000
  • Medium: $500 - $1,000
  • Low: $100 - $500
Bug Bounty Program Details

Responsible Disclosure Policy

We are committed to working with security researchers who identify and report vulnerabilities in our products. We ask that researchers:

  • Provide detailed reports with reproducible steps
  • Allow a reasonable time for remediation before public disclosure
  • Avoid accessing customer data or disrupting our services
  • Not exploit vulnerabilities beyond what's necessary to demonstrate the issue

In return, we commit to:

  • Acknowledge receipt of vulnerability reports within 24 hours
  • Provide regular updates on remediation progress
  • Not pursue legal action against researchers acting in good faith
  • Credit researchers (with permission) for their discoveries
  • Provide appropriate compensation through our bug bounty program

Contact our security team at:

[email protected]

Open Source Commitment

We believe in transparency through open source development.

Open Source Components

We publish significant portions of our software as open source, allowing community review and contribution:

  • Firmware Core: Critical portions of our firmware are open source to enable security review.
  • Desktop Applications: Our companion applications are open source and available for community contributions.
  • Cryptographic Libraries: We maintain and contribute to open source cryptographic libraries.
  • Hardware Specifications: We publish hardware specifications to enable security research.

All our open source projects are available on our GitHub repository under permissive licenses.

GitHub Repository

Community Contributions

We actively encourage community involvement in our security efforts:

  • Code Contributions: We welcome pull requests and code improvements from the community.
  • Security Reviews: Community security researchers have helped identify and fix potential issues.
  • Documentation: Community members help improve our security documentation and guides.
  • Translations: Volunteers help translate our security documentation into multiple languages.

Our security is strengthened by the diverse perspectives and expertise of our community contributors.

Contribution Guidelines

Need More Information?

Contact our compliance team for detailed information about our certifications and security practices.

For enterprise customers, we offer comprehensive compliance documentation, security white papers, and attestation reports under NDA. Our compliance team is available to answer questions and provide additional information about our security measures and regulatory compliance.

Contact Compliance Team