Security is not a posture. It's the product.
Every transaction is a fintech operation on a physical asset. We engineer for defense in depth across the hardware, the fleet plane, and the partner cloud — and we publish the results.
Audited and current.
How the pieces are protected.
Tamper-evident cabinet
IK10-rated steel monocoque. Every opening is logged to the fleet plane and alarms local staff. Spectrometer and vault mechanisms are sealed; any break is a hard stop.
mTLS, certificate pinning
Every kiosk holds a device certificate issued at provisioning. All traffic is mTLS, pinned, and rotated every 90 days. Offline kiosks cannot transact.
Scoped operator tokens
Operator access is role-scoped, time-boxed, and requires hardware-key MFA. No shared accounts. Every action attributable to a named human.
Encrypted end-to-end
At rest with AWS KMS CMKs. In flight with TLS 1.3. PII kept separate from transaction data. Customer biometric artifacts are deleted within 24 hours of payout.
Tenant isolation
Each partner is a separate tenant with isolated VPCs, KMS keys, and audit streams. No shared compute touches customer-identifying data across tenants.
24/7 SOC, 15-min SLA
On-call engineers with 15-minute response on P1. Runbooks are rehearsed quarterly. Incident reports are published to affected customers within 72 hours.
Reporting a vulnerability.
We run a public bug-bounty program on HackerOne. For confidential reports, use the channel below — we acknowledge within one business day and do not pursue legal action against good-faith security research.
developers@goldkiosk.com · PGP key fingerprint 3B9F 2A41 8DC7 52E3 ... F9A2