TrustEngineered, not promised · Reviewed quarterly

Trust is engineered. Below is the architecture.

A cross-border platform handling counterparty data and settlement flows across 25 African markets has to be auditable like infrastructure — not reassured like a brand. Four layers, each with explicit guarantees, an open methodology, and a packet your security and procurement teams can take to a board.

See the trust stack Request the trust packet

100%

of deals settle through escrow

99.9%

monthly uptime SLA

< 24h

support first response

verification tiers

FATF risk-rated jurisdictions

active African markets

The trust stack

Four layers. Each one auditable on its own.

Identity earns tier. Tier earns access. Access carries audit. Settlement reconciles back to identity. Every link is documented, instrumented, and re-verifiable against production state.

Layer I

Identity & Credentials

Every counterparty on the platform passes verified identity, credentials, and references before transacting. Four tiers, each with explicit unlock criteria.

Government-issued ID + liveness check
Sanctions screening (OFAC, UN, EU consolidated)
Credentials verified against issuing bodies
Two professional references minimum

Read the verification taxonomy

Layer II

Counterparty Verification

Identity earns tier. Tier earns access. Every opportunity records the verification tier of its publisher; counterparties always see who they are dealing with before signing.

Four-tier badging surfaced on every opportunity
Tier downgrades for stale credentials, surfaced publicly
Counterparty document room (deal memo + financials)
Independent reference call log for tier 3+

Read the metric methodology

III

Layer III

Escrow & Settlement

No deal closes without funds held in a segregated escrow account, dual-signed milestones, and full audit trail. 100% of platform transactions settle through this lifecycle.

Funds in segregated, named escrow accounts
Milestone-based release, dual-signed by both parties
PCI-DSS compliant payment infrastructure
Dispute hold within 7 business days to resolution

Read the SLA commitments

Layer IV

Compliance, AML & Audit

FATF-calibrated risk ratings across 64 countries, NDPR/GDPR/POPIA data sovereignty, automated AML/CFT screening on every user, and an immutable audit trail attached to every transaction.

FATF-based country risk model (64 jurisdictions)
Automated AML/CFT + sanctions screening
NDPR, GDPR, POPIA data sovereignty by region
Immutable audit trail per transaction

Read the security architecture

Layers compose. Failure in one isolates rather than cascades.

Regulatory posture

Seven frameworks. One operating spine.

AfCFTA

Rules of Origin verification

FATF

AML/CFT risk-rated (64 jurisdictions)

NDPR

Nigeria data sovereignty

GDPR

EU data protection compliant

POPIA

South Africa data protection

PCI-DSS

Payment processing standard

SOC 2

Type II readiness posture

Independent verification

We assume our own claims are insufficient.

Trust is earned by submission to outside review, not by self-attestation. Below is the standing programme — and the reviewer track for institutions that need to look deeper.

Third-party penetration testing

Quarterly engagements with independent security firms. Findings and remediation timelines tracked in the security packet, available to qualified institutional reviewers on request.

Continuous vulnerability scanning

Automated infrastructure scanning, dependency monitoring, and error tracking run continuously. Critical findings carry a defined remediation SLA (24-72h depending on severity).

SOC 2 Type II readiness

Infrastructure and processes engineered to SOC 2 Type II controls for security, availability, and confidentiality. Formal audit on the institutionalization roadmap; readiness report available to enterprise prospects.

Public methodology

Every public metric — pipeline, opportunities, countries, verified professionals — is defined, sourced, and re-verifiable against the production database. See /methodology for the full ledger.

Responsible disclosure

Active disclosure program at security@afrosynergy.com. Acknowledgement within 24h, critical resolution within 72h, no legal action against researchers following responsible disclosure.

For auditors & counterparties

The trust packet — delivered, not narrated.

Procurement teams, security reviewers, and risk committees can request the institutional packet for vendor assessment. We respond to RFPs, CAIQ, SIG, and bespoke questionnaire formats within standard turnaround.

Data Processing Agreement (DPA)

GDPR Article 28 standard contract

SOC 2 Type II readiness report

Control-by-control posture

Custom Enterprise SLA terms

Negotiable uptime + escalation paths

Security questionnaire response

CAIQ / SIG / vendor assessment formats

Insurance certificates

Cyber liability + E&O coverage

Penetration test summary

Most recent engagement findings

Request the trust packet Report a vulnerability

Thesis

When the system is open, trust isn’t asked for. It’s evaluated.

Every claim on this page either resolves to a live database, a published policy, an external auditor, or a documentable process. There is no “trust us.” There is only an architecture you can read, a packet you can request, and an inbox that answers when something looks wrong.

Read the full methodology Watch a deal close Read the thesis

Request the trust packet

Trust is engineered. Below is the architecture.

When the system is open, trust isn’t asked for. It’s evaluated.