Security

Your investment,
protected at every layer

Six layers of
investor protection

🏦
SEC Custodian Bank Escrow

All investor capital is held in a ring-fenced custodian bank escrow account at an SEC-licensed Ghanaian bank. Your funds are legally segregated from PRC Group's operational capital. The custodian bank releases funds to PRC Group only upon confirmation that procurement from a GoldBod-licensed supplier has been authorised. If a pool fails to reach 90% within 90 days, all funds are returned in full.

🔐
AES-256 Encryption at Rest

All investor personal data, KYC documents, and financial records are encrypted with AES-256 (Advanced Encryption Standard, 256-bit key) at rest on AWS af-south-1. This is the same encryption standard used by global banks and classified government systems. Key management is handled via AWS KMS with automatic key rotation every 365 days.

🛡
TLS 1.3 in Transit

All data transmitted between your device and GoldPool's servers is encrypted with TLS 1.3 — the latest and most secure version of the Transport Layer Security protocol. TLS 1.3 removes legacy cipher suites and reduces the attack surface compared to earlier versions. Certificate management is via AWS Certificate Manager with automatic renewal.

🪪
Biometric KYC & Liveness

Ghana Card verification via Smile Identity includes liveness detection (ensuring a real person is present, not a photograph) and biometric matching against the NIA database. This prevents identity fraud at onboarding. All investors are re-screened against global sanctions lists and PEP (Politically Exposed Person) databases every 30 days post-onboarding.

📡
AML Monitoring

Continuous transaction monitoring under AML Act 1044. Velocity alerts (more than 2 pools in 48 hours), threshold alerts (aggregate ≥$4,800), and pattern-based risk scoring. Suspicious Activity Reports are filed with Ghana's Financial Intelligence Centre (FIC) within 5 business days of detection. All alerts are logged in an immutable audit trail.

Immutable Blockchain Records

Once your ownership token is written to the Hyperledger Fabric ledger, it cannot be altered, deleted, or disputed. The ledger is maintained across multiple validator nodes. There is no single point of failure. Your ownership record exists independently of GoldPool's own systems — you can verify it directly on the ledger at any time.

Compliance as
investor protection

Ghana's regulatory framework for GoldPool's activities provides a layer of investor protection that no private security architecture can replicate. Here is exactly what each regulation requires of us — and how that protects your investment.

RegulationWhat It RequiresHow It Protects You
GoldBod Act 1140All gold purchases from GoldBod-licensed Tier 1/2 suppliers onlyYour gold is legally sourced and cannot be seized or disputed
SEC CWF Guidelines 2024Investor capital in SEC-licensed custodian bank escrowPRC Group cannot access your funds before procurement is authorised
AML Act 1044KYC, CDD, EDD, FIC reportingYou invest alongside verified, screened investors — no commingling with illicit funds
Electronic Transactions Act 772Blockchain records legally validYour ownership token is legally enforceable evidence of your gold claim
Data Protection Act 843AES-256 encryption, Africa data residencyYour personal data cannot be shared without your consent
Cyber Security Act 1038Registered with Cyber Security AuthorityPlatform security meets national cybersecurity standards
Invest with
confidence

Six regulatory layers. Custodian escrow. Blockchain ownership. Join the waitlist.

Join the Waitlist
Landing Investor Admin