# Trust & Compliance

## Built for Security, Backed by Regulation

Sova is engineered to meet the **highest standards** of on-chain safety, regulatory compliance, and institutional readiness, without compromising the self-custodial nature of crypto.

This is achieved through a **multi-layer architecture** of smart contracts, role-based controls, and regulated partners.

***

## 1. Custody & Escrow

Sova uses a **modular architecture** to separate control over assets, execution, and compliance enforcement.

### Core Components

* **Conduit**: A smart contract that manages all asset transfers into and out of the vault — ensuring no funds move without approval
* **Escrow Contracts**: Used for gated deposits and pending redemptions, especially in strategies with settlement delays
* **Yield Curators**: Receive fiat capital and deploy it — but never hold your crypto or vault tokens

> 🔑 **Self-Custodial Nature Preserved**
>
> Users retain on-chain ownership of their investment at all times. Custody is handled exclusively by regulated institutions like **Fireblocks**, **BNY Mellon**, and **State Street** on the fiat side.

***

## 2. Role-Based Access Control

Sova implements a strict **hierarchical role system** to minimize risks and prevent abuse:

| **Role**              | **Responsibilities**                             |
| --------------------- | ------------------------------------------------ |
| **Protocol Admin**    | System-level permissions, governance control     |
| **Strategy Admin**    | Approves new strategies and asset integrations   |
| **KYC Operator**      | Manages KYC/AML permissions                      |
| **Price Updater**     | Updates NAV via oracle reporters                 |
| **Strategy Operator** | Executes manager actions (e.g., fund deployment) |

> 🚫 **Zero Unauthorized Access**
>
> Every smart contract interaction is permission-gated. Unauthorized access is blocked at the protocol level.

***

## 3. AML & KYC Framework

Sova is fully compliant with global AML standards and requires **KYC verification** before any capital deployment.

* **All users complete** identity verification through Persona, a leading KYC verification provider
* **Wallets are continuously screened** for sanctions, fraud, and risk flags
* **KYC and AML controls** are embedded on-chain using **Hook** contracts

> ⚖️ **Compliance Without Compromise**
>
> This ensures both **regulatory compliance** and **automated enforcement** without compromising protocol integrity.

***

## 4. Audit Coverage

All core contracts powering Sova are **fully audited** and follow security best practices:

* **ERC4626 vault logic**
* **Escrow and GatedMint flows**
* **Reporter and price oracle integration**
* **Access control and role manager systems**

***

## 5. Oracle & Valuation Integrity

Valuation updates are submitted by authorized roles only, using the **Reporter contract**.

### To ensure accuracy and prevent manipulation:

* **All NAV updates** are timestamped and versioned
* **Price changes** above a set deviation threshold are automatically rejected
* **Role-based permissions** restrict who can submit updates
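
The three controls listed above can be combined in a single guarded update function. The following sketch is an added example, not Sova's Reporter contract: the contract name, `submitNav`, `expectedVersion`, and the basis-point threshold parameter are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only; NOT Sova's Reporter contract.
/// All names and parameters here are hypothetical.
contract GuardedNavReporter {
    uint256 private constant BPS = 10_000;

    address public immutable admin;
    uint256 public immutable maxDeviationBps; // assumed unit: 500 = 5%
    mapping(address => bool) public isPriceUpdater;

    uint256 public nav;      // last accepted NAV
    uint64 public version;   // increments on every accepted update
    uint64 public updatedAt; // block timestamp of the last accepted update

    event NavUpdated(uint64 indexed version, uint256 nav, uint64 timestamp, address indexed updater);

    error NotAuthorized();
    error ZeroNav();
    error StaleVersion(uint64 current, uint64 supplied);
    error DeviationTooLarge(uint256 deviationBps, uint256 maxBps);

    constructor(uint256 initialNav, uint256 maxDeviationBps_) {
        if (initialNav == 0) revert ZeroNav();
        admin = msg.sender;
        maxDeviationBps = maxDeviationBps_;
        nav = initialNav;
        updatedAt = uint64(block.timestamp);
    }

    function setPriceUpdater(address who, bool allowed) external {
        if (msg.sender != admin) revert NotAuthorized();
        isPriceUpdater[who] = allowed;
    }

    /// expectedVersion ties the update to the state the updater observed,
    /// so a replayed or reordered transaction reverts instead of applying.
    function submitNav(uint256 newNav, uint64 expectedVersion) external {
        if (!isPriceUpdater[msg.sender]) revert NotAuthorized();
        if (newNav == 0) revert ZeroNav(); // also keeps later divisions by nav safe
        if (expectedVersion != version) revert StaleVersion(version, expectedVersion);

        // Deviation is measured against the last accepted NAV, in both directions.
        uint256 diff = newNav > nav ? newNav - nav : nav - newNav;
        uint256 deviationBps = (diff * BPS) / nav; // integer division rounds down
        if (deviationBps > maxDeviationBps) revert DeviationTooLarge(deviationBps, maxDeviationBps);

        nav = newNav;
        version += 1;
        updatedAt = uint64(block.timestamp);
        emit NavUpdated(version, newNav, updatedAt, msg.sender);
    }
}
```

Because the threshold applies per update, a reviewer of any such design should also check how many updates can be submitted within a given period, since repeated in-threshold updates compound.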

***

## 6. Geographic Restrictions

To comply with international regulations, users from the following jurisdictions are currently **restricted** from accessing Sova:

* **United States**
* **North Korea**
* **Iran**
* **Syria**
* **Cuba**
* **Russia**
* **Crimea**
* Certain other OFAC-sanctioned regions

> 🛡️ **Evolving Compliance**
>
> This list is updated regularly in line with evolving global compliance frameworks.
