# Trust & Compliance

## Built for Security, Backed by Regulation

Sova is engineered to meet the **highest standards** of on-chain safety, regulatory compliance, and institutional readiness - without compromising the self-custodial nature of crypto.

This is achieved through a **multi-layer architecture** of smart contracts, role-based controls, and regulated partners.

***

## 1. Custody & Escrow

Sova uses a **modular architecture** to separate control over assets, execution, and compliance enforcement.

### Core Components

* **Conduit**: A smart contract that manages all asset transfers into and out of the vault — ensuring no funds move without approval
* **Escrow Contracts**: Used for gated deposits and pending redemptions, especially in strategies with settlement delays
* **Yield Curators**: Receive fiat capital and deploy it — but never hold your crypto or vault tokens

> 🔑 **Self-Custodial Nature Preserved**
>
> Users retain on-chain ownership of their investment at all times. Custody is handled exclusively by regulated institutions like **Fireblocks**, **BNY Mellon**, and **State Street** on the fiat side.

***

## 2. Role-Based Access Control

Sova implements a strict **hierarchical role system** to minimize risks and prevent abuse:

| **Role**              | **Responsibilities**                             |
| --------------------- | ------------------------------------------------ |
| **Protocol Admin**    | System-level permissions, governance control     |
| **Strategy Admin**    | Approves new strategies and asset integrations   |
| **KYC Operator**      | Manages KYC/AML permissions                      |
| **Price Updater**     | Updates NAV via oracle reporters                 |
| **Strategy Operator** | Executes manager actions (e.g., fund deployment) |

> 🚫 **Zero Unauthorized Access**
>
> Every smart contract interaction is permission-gated. Unauthorized access is blocked at the protocol level.

***

## 3. AML & KYC Framework

Sova is fully compliant with global AML standards and requires **KYC verification** before any capital deployment.

* **All users complete** identity verification through Persona, a leading KYC verification provider
* **Wallets are continuously screened** for sanctions, fraud, and risk flags
* **KYC and AML controls** are embedded on-chain using **Hook** contracts

> ⚖️ **Compliance Without Compromise**
>
> This ensures both **regulatory compliance** and **automated enforcement** without compromising protocol integrity.

***

## 4. Audit Coverage

All core contracts powering Sova are **fully audited** and follow security best practices:

* **ERC4626 vault logic**
* **Escrow and GatedMint flows**
* **Reporter and price oracle integration**
* **Access control and role manager systems**

***

## 5. Oracle & Valuation Integrity

Valuation updates are submitted by authorized roles only, using the **Reporter contract**.

### To ensure accuracy and prevent manipulation:

* **All NAV updates** are timestamped and versioned
* **Price changes** above a set deviation threshold are automatically rejected
* **Role-based permissions** restrict who can submit updates

***

## 6. Geographic Restrictions

To comply with international regulations, users from the following jurisdictions are currently **restricted** from accessing Sova:

* **United States**
* **North Korea**
* **Iran**
* **Syria**
* **Cuba**
* **Russia**
* **Crimea**
* Certain other OFAC-sanctioned regions

> 🛡️ **Evolving Compliance**
>
> This list is updated regularly in line with evolving global compliance frameworks.

