All investor capital is held in a ring-fenced custodian bank escrow account at an SEC-licensed Ghanaian bank. Your funds are legally segregated from PRC Group's operational capital. The custodian bank releases funds to PRC Group only upon confirmation that procurement from a GoldBod-licensed supplier has been authorised. If a pool fails to reach 90% within 90 days, all funds are returned in full.
All investor personal data, KYC documents, and financial records are encrypted with AES-256 (Advanced Encryption Standard, 256-bit key) at rest on AWS af-south-1. This is the same encryption standard used by global banks and classified government systems. Key management is handled via AWS KMS with automatic key rotation every 365 days.
All data transmitted between your device and GoldPool's servers is encrypted with TLS 1.3 — the latest and most secure version of the Transport Layer Security protocol. TLS 1.3 removes legacy cipher suites and reduces the attack surface compared to earlier versions. Certificate management is via AWS Certificate Manager with automatic renewal.
Ghana Card verification via Smile Identity includes liveness detection (ensuring a real person is present, not a photograph) and biometric matching against the NIA database. This prevents identity fraud at onboarding. All investors are re-screened against global sanctions lists and PEP (Politically Exposed Person) databases every 30 days post-onboarding.
Continuous transaction monitoring under AML Act 1044. Velocity alerts (more than 2 pools in 48 hours), threshold alerts (aggregate ≥$4,800), and pattern-based risk scoring. Suspicious Activity Reports are filed with Ghana's Financial Intelligence Centre (FIC) within 5 business days of detection. All alerts are logged in an immutable audit trail.
Once your ownership token is written to the Hyperledger Fabric ledger, it cannot be altered, deleted, or disputed. The ledger is maintained across multiple validator nodes. There is no single point of failure. Your ownership record exists independently of GoldPool's own systems — you can verify it directly on the ledger at any time.
Ghana's regulatory framework for GoldPool's activities provides a layer of investor protection that no private security architecture can replicate. Here is exactly what each regulation requires of us — and how that protects your investment.
| Regulation | What It Requires | How It Protects You |
|---|---|---|
| GoldBod Act 1140 | All gold purchases from GoldBod-licensed Tier 1/2 suppliers only | Your gold is legally sourced and cannot be seized or disputed |
| SEC CWF Guidelines 2024 | Investor capital in SEC-licensed custodian bank escrow | PRC Group cannot access your funds before procurement is authorised |
| AML Act 1044 | KYC, CDD, EDD, FIC reporting | You invest alongside verified, screened investors — no commingling with illicit funds |
| Electronic Transactions Act 772 | Blockchain records legally valid | Your ownership token is legally enforceable evidence of your gold claim |
| Data Protection Act 843 | AES-256 encryption, Africa data residency | Your personal data cannot be shared without your consent |
| Cyber Security Act 1038 | Registered with Cyber Security Authority | Platform security meets national cybersecurity standards |
Six regulatory layers. Custodian escrow. Blockchain ownership. Join the waitlist.
Join the Waitlist