Sigrid is built for an environment where the cost of getting a single trade identity wrong is measured in P&L and regulatory attention. The posture below describes what Sigrid is designed to provide in production.
The v1 demo application on this site uses entirely mock data. No real trade attestations, signing secrets, or counterparty credentials are handled by the public demo.
Sigrids are derived from a strictly canonical representation of trade terms. Canonicalisation is done before any hashing, so there is no path by which minor formatting differences can produce different Sigrids for the same economic trade.
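As an added illustration of the canonicalise-then-hash principle (example code, not Sigrid's own implementation; the field set, the normalisation rules, and the use of SHA-256 are assumptions made for this example), the block below shows two differently formatted descriptions of the same economic trade collapsing to one identifier, while a change to an economic term produces a different one.

```python
import hashlib
import json
from datetime import date
from decimal import Decimal

# Assumed field classes for this illustration; Sigrid's real schema is not on the page.
NUMERIC_FIELDS = {"notional", "price"}
DATE_FIELDS = {"trade_date", "settlement_date"}
CODE_FIELDS = {"buyer", "seller", "currency", "instrument"}


def canonicalise(trade: dict) -> dict:
    """Map every field to a single canonical text form before anything is hashed."""
    out = {}
    for key, value in trade.items():
        k = key.strip().lower()
        if k in NUMERIC_FIELDS:
            # Decimal avoids float artefacts; normalize() strips trailing zeros so
            # "1,000,000.00", "1000000" and 1e6 all become the text "1000000".
            d = Decimal(str(value).strip().replace(",", "")).normalize()
            out[k] = format(d, "f")
        elif k in DATE_FIELDS:
            # Reject anything that is not a well-formed ISO date rather than guessing.
            out[k] = date.fromisoformat(str(value).strip()).isoformat()
        elif k in CODE_FIELDS:
            # Collapse internal whitespace and fold case for identifiers and codes.
            out[k] = " ".join(str(value).split()).upper()
        else:
            out[k] = " ".join(str(value).split())
    return out


def canonical_bytes(trade: dict) -> bytes:
    """Deterministic serialisation: sorted keys, no insignificant whitespace, ASCII only."""
    return json.dumps(
        canonicalise(trade), sort_keys=True, separators=(",", ":"), ensure_ascii=True
    ).encode("utf-8")


def trade_id(trade: dict) -> str:
    """The identifier is the hash of the canonical bytes, never of the raw input."""
    return hashlib.sha256(canonical_bytes(trade)).hexdigest()


# Constructed sample trades: same economics, different formatting conventions.
TRADE_A = {
    "Buyer": "acme fund ", "Seller": "BANK X", "Instrument": "usd/jpy spot",
    "Notional": "1,000,000.00", "Price": "152.350", "Currency": "usd",
    "Trade_Date": "2024-03-01", "Settlement_Date": "2024-03-05",
}
TRADE_B = {
    "buyer": "ACME  FUND", "seller": "bank x", "instrument": "USD/JPY SPOT",
    "notional": 1e6, "price": "152.35", "currency": "USD",
    "trade_date": "2024-03-01", "settlement_date": "2024-03-05",
}

if __name__ == "__main__":
    print(canonical_bytes(TRADE_A).decode())
    print(trade_id(TRADE_A) == trade_id(TRADE_B))
```

The point to check in any real scheme is the one the test exercises: formatting noise must not change the identifier, and a changed economic term must.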
All service requests between a party and Sigrid are HMAC-signed with a per-party secret. Replay attacks are mitigated through nonces and timestamp windows. Signed requests are authenticated and integrity-checked before processing.
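The exchange described above, as an added example that is not Sigrid's own code: a client signs a request with a per-party secret, and the server checks the timestamp window, the nonce, and the HMAC before any processing. The header names, the signing-string layout, the 300-second window, and the secrets are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed per-party secret for the example; real secrets stay server-side.
PARTY_SECRETS = {"party-a": b"constructed-secret-for-party-a"}
WINDOW_SECONDS = 300  # assumed acceptable clock skew plus transit time


def signing_input(method: str, path: str, timestamp: int, nonce: str, body: bytes) -> bytes:
    """Bind method, path, time, nonce and body hash into the string that gets MACed."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash]).encode()


def sign_request(party_id, secret, method, path, body, now=None, nonce=None):
    """Client side: produce the headers that accompany a request."""
    ts = int(now if now is not None else time.time())
    nonce = nonce or secrets.token_hex(16)
    mac = hmac.new(secret, signing_input(method, path, ts, nonce, body), hashlib.sha256).hexdigest()
    return {"X-Party": party_id, "X-Timestamp": str(ts), "X-Nonce": nonce, "X-Signature": mac}


class Verifier:
    """Server side: authenticate and integrity-check before the handler ever runs."""

    def __init__(self, secrets_by_party, window=WINDOW_SECONDS):
        self._secrets = secrets_by_party
        self._window = window
        self._seen = {}  # (party, nonce) -> timestamp; only needs to cover the window

    def _evict(self, now):
        # A nonce older than the window can no longer pass the timestamp check,
        # so it is safe to forget it.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= self._window}

    def verify(self, headers, method, path, body, now=None):
        now = int(now if now is not None else time.time())
        self._evict(now)
        party = headers.get("X-Party")
        secret = self._secrets.get(party)
        if secret is None:
            return False, "unknown party"
        try:
            ts = int(headers.get("X-Timestamp", ""))
        except ValueError:
            return False, "bad timestamp"
        if abs(now - ts) > self._window:
            return False, "timestamp outside window"
        nonce = headers.get("X-Nonce", "")
        if not nonce or (party, nonce) in self._seen:
            return False, "nonce replayed"
        expected = hmac.new(secret, signing_input(method, path, ts, nonce, body), hashlib.sha256).hexdigest()
        # Constant-time comparison; only a verified nonce is recorded as used.
        if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
            return False, "bad signature"
        self._seen[(party, nonce)] = ts
        return True, "ok"


if __name__ == "__main__":
    v = Verifier(PARTY_SECRETS)
    body = b'{"match_id":"m-1","action":"resolve"}'
    h = sign_request("party-a", PARTY_SECRETS["party-a"], "POST", "/v1/matches/m-1/resolve", body)
    print(v.verify(h, "POST", "/v1/matches/m-1/resolve", body))  # accepted once
    print(v.verify(h, "POST", "/v1/matches/m-1/resolve", body))  # same nonce, rejected
```

The order of checks matters: the timestamp window bounds how long the nonce store has to remember anything, and the nonce is only recorded after the signature verifies, so an unauthenticated sender cannot fill the store with junk entries.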
Signing secrets never reach the browser. Attestation signing is performed server-side by a party's backend or an installed sidecar. The web UI calls authenticated routes rather than signing directly.
Within a party, operational access to the pair room is role-aware. Analysts, leads, and auditors see the views appropriate to their role. Cross-desk confidentiality is preserved inside the firm.
Every note, status transition, and resolution action is recorded with actor, party, timestamp, and match identifier. The audit log is designed to be exportable and post-incident reviewable.
The identity layer is built to accept enterprise SSO (SAML, OIDC) from day one in production. Demo deployments use mock users; production deployments integrate with customer IdPs.
The web application is explicitly designed such that no customer secrets, signing keys, or cross-party credentials exist in client-side code. Sensitive operations go through authenticated server routes.
Sigrid is early. This page describes the security posture of the product as designed. It is not a SOC 2 attestation, a completed ISO 27001 certification, or a penetration-tested production system. Formal certifications, third-party audits, and deployment documentation are part of the design-partner engagement roadmap. If you are an operations or risk function evaluating Sigrid, we are happy to walk through the current posture, gaps, and timeline in detail.