Alluvial Achieves SOC 2 Type 1 Compliance

This rigorous, independent report affirms Alluvial’s dedication to upholding the highest standards for data security and operational integrity.

May 20, 2025 — Alluvial is proud to announce that it has successfully completed its SOC 2® (System and Organization Controls 2) Type 1 examination, marking a significant milestone in our ongoing commitment to security, transparency, and trust. This rigorous, independent report affirms Alluvial’s dedication to upholding the highest standards for data security and operational integrity.

Conducted by an independent auditor in accordance with the AICPA's Trust Services Criteria for Security, the SOC 2 Type 1 report assures that Alluvial has designed and implemented robust internal controls to safeguard customer data and meet rigorous security standards as of the report date.

“Achieving SOC 2 Type 1 is a testament to Alluvial's unwavering dedication to enterprise-grade security and risk management," said Mischa Tuffield, Chief Technology Officer at Alluvial. "We view security as not just a feature, but a fundamental requirement—particularly when it comes to products that orchestrate staking at an institutional scale and secure API access to Liquid Collective's LsToken stack. This milestone assures our partners, customers, and stakeholders that we operate with a strong control environment and security-first mindset.”

The scope of this audit included Alluvial’s Professional Services System, which underpins our enterprise-grade staking APIs and software solutions designed to increase participation in proof-of-stake blockchain systems. This includes data, systems, and processes powering the Alluvial API suite, facilitating enterprise on-ramps to staking through Liquid Collective, development services to shepherd Liquid Collective’s product development and growth, and Alluvial SMS, a customizable staking management platform for institutions. The report confirms that Alluvial’s system and its associated controls were suitably designed to meet the trust services criteria for security.

Key highlights of the audit include:

• Robust access controls: Implementing strict access controls based on the principle of least privilege, ensuring that access to sensitive information and systems is granted only as needed
• Proactive risk management: Employing continuous risk assessment and security monitoring procedures to identify and address potential threats swiftly
• Data protection: Use of encrypted data transmission and storage, safeguarding information throughout its lifecycle
• Resilience and recovery: Maintaining defined incident response, backup, and disaster recovery protocols to ensure business continuity and data integrity
• Secure development practices: Adhering to rigorous change management and software development lifecycle practices to ensure the security and stability of our offerings
• Infrastructure security: Leveraging logical and physical infrastructure controls, operated in conjunction with AWS, to provide a secure operating environment

SOC 2 is widely-recognized as the “gold standard” for independent, point-in-time security control evaluations. Achieving SOC 2 Type 1 compliance is an important validation of Alluvial’s current security posture and lays a strong foundation for future endeavors. Alluvial will continue working toward SOC 2 Type 2 certification, which will further attest to the operational effectiveness of these controls over time.

For more information or to request access to the full SOC 2 Type 1 report under NDA, please contact us.