Trust
Security
Last updated: 8 June 2026
Loam moves money between agricultural businesses across borders. Every counterparty is verified before it can move funds, balances are segregated, and activity is continuously monitored. This page summarises how we protect counterparties, funds, data, and infrastructure. For a shorter overview, see the security overview.
Verified counterparties
Every organisation on Loam passes KYB verification, including Chainalysis-grade wallet screening, before it can send or receive. Sanctions and AML checks run continuously, not just at onboarding.
Custody and segregation of funds
Fiat is held at tier-1 partner banks; stablecoins are held in regulated custody or a self-custody wallet you control. Client funds are segregated from AgriDex operating funds and never commingled.
Encryption
Data is encrypted in transit (TLS) and at rest (AES-256). Backups are encrypted and stored in access-controlled object storage. Secrets are held in managed key-management services, never in source code.
Access controls
Least-privilege access to production systems and data. Access is authenticated, logged, and monitored; privileged actions require additional controls. Wallet and signing operations are protected by KMS-backed key custody.
Monitoring and fraud detection
Transactions are continuously monitored for anomalous and suspicious activity, with automated alerting to the operations team. Every action, settlement, and invoice is timestamped and linked for a complete audit trail.
Infrastructure
Loam runs on hardened cloud infrastructure with network isolation, regular patching, and immutable, append-only event records for sensitive aggregates.
Compliance
We operate under EU/UK GDPR and applicable AML and trade regulations. See the Privacy Policy for data handling. We are working toward SOC 2 certification.
Responsible disclosure
If you believe you have found a security vulnerability, email security@agridex.com with enough detail to reproduce it. Please give us a reasonable window to investigate and remediate before any public disclosure, and do not access, modify, or exfiltrate data that is not yours while testing. A formal vulnerability disclosure policy is in preparation.
Contact
Security questions: email security@agridex.com.