11 things we promise + prove

Every Klaro surface tags itself as live testnet, simulated, access-gated, partner-pending, or mainnet-only. We never let UI pretend to be more than it is.

Release rule: only required hashes and wallet references may reach Arc. Real compliance data handling must be verified before launch.

Solidity contracts are present in the repository for review. Deployment and independent audit evidence are not yet published.

Target live behavior: verified Arc settlement can anchor a receipt. Current receipt screens clearly identify simulated previews.

Required before live funds: passing contract tests, security analysis, coverage evidence, and independent review of money-moving paths.

Demo disputes expose recorded decisions. Live on-chain audit stamping must be enabled and verified before funds can move.

We don't hold customer fiat. We don't originate loans. We don't issue credit. Klaro is software for stablecoin-native vendor flows.

Every pull request is reviewed against a fixed set of principles — no overclaiming, no PII on chain, money flows modelled as explicit state machines, honest status labelling on every surface.

Slither, Mythril, and Echidna pass on the published contract set before any mainnet promotion. Halmos formal verification covers the release, mint, and dispute-decision paths. Audit reports are published.

Immunefi program launches at mainnet. Critical USDC-custody vulnerabilities qualify for up to $100k. Coordinated disclosure 90-day clock.

BetterStack-powered status.klaro.so. 99.9% uptime objective. PagerDuty 24/7 on-call for severity-1 incidents.