Four layers of credibility: cryptographic, transport & storage, independent attestation, indemnification. Each layer is verifiable by a different external party and maps directly onto the Fund Base Camp custody workflow, described in the overview of how the platform operates from deposit through verification. The combination is the credibility; no single layer is sufficient on its own.
Cryptographic anchoring is verifiable against the Bitcoin blockchain. Transport & storage controls are verifiable against AWS CloudTrail and KMS audit logs. Attestation is verifiable against the publicly posted CPA report. Insurance is verifiable against carrier-issued certificates of coverage.
Every document under custody is hashed with SHA-256 (FIPS 180-4) at deposit, and the resulting digest is anchored to OpenTimestamps — a free, open-source timestamping service that commits hashes to the Bitcoin blockchain. After ≥3 Bitcoin confirmations, the anchor is mathematically final: undoing the timestamp would require reorganising the Bitcoin chain. Investors and sponsors can independently verify custody records and timestamp proofs against the published transaction code.
For sponsors who prefer a traditional PKI-rooted proof, an RFC 3161 co-anchor (DigiCert or Sectigo TSA) is available as an opt-in. The two anchors are independent and validate the same hash against two different trust roots.
Document objects are encrypted at rest with AES-256-GCM under KMS-managed keys. Each sponsor's SPVs are isolated into separate storage buckets with separate KMS keyrings; there is no shared bucket and no cross-tenant key reuse. Every object read is logged via AWS CloudTrail; logs are retained for seven years and are available under AUP sampling.
Network access is TLS 1.3 only; legacy TLS, plaintext HTTP, and SSL are not negotiated. The verification endpoint is fronted by a CDN with HSTS preload, strict Content-Security-Policy, and rate limits applied per IP and per code. These controls also extend across the sponsor-facing API and webhook infrastructure documented on the Fund Base Camp integrations architecture page.
A licensed CPA firm — Lukas & Co. CPAs, engaged for the first period — will perform Agreed-Upon Procedures over Fund Base Camp's custody records annually. The procedures sample a defined number of custody entries; confirm the underlying documents exist; recompute the SHA-256 digests; verify the OpenTimestamps anchors resolve against the Bitcoin blockchain; and confirm the verification page returns accurate responses for the sampled codes. First engagement is scheduled for Q3 2026 — scope is drafted; fieldwork begins July 2026.
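The sampled checks described above (document exists, SHA-256 digest recomputes, anchor has at least 3 confirmations), sketched as an added example; it is not Fund Base Camp's or the CPA firm's code. The ledger layout, the `FBC-000x` codes and `anchor_height` (standing in for the block height that an already-verified OpenTimestamps proof attests to; the proof itself is not parsed here) are assumptions, and the sample data is constructed.

```python
import hashlib
import io
import random

MIN_CONFIRMATIONS = 3  # threshold stated on the page

def sha256_stream(fh, chunk=65536):
    """Hash a file-like object in chunks so large documents never sit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: fh.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def confirmations(anchor_height, tip_height):
    """A transaction mined in the tip block has exactly one confirmation."""
    return 0 if anchor_height is None else max(0, tip_height - anchor_height + 1)

def audit_entry(entry, open_document, tip_height):
    """Return the findings for one custody entry; an empty list means clean."""
    try:
        fh = open_document(entry["code"])
    except KeyError:
        return ["document missing"]
    with fh:
        digest = sha256_stream(fh)
    findings = []
    if digest != entry["sha256"].lower():
        findings.append("digest mismatch")
    if confirmations(entry.get("anchor_height"), tip_height) < MIN_CONFIRMATIONS:
        findings.append("anchor below 3 confirmations")
    return findings

def sample_and_audit(ledger, open_document, tip_height, n, seed):
    """Seeded sample, so auditor and custodian can reproduce the same selection."""
    ordered = sorted(ledger, key=lambda e: e["code"])
    picked = random.Random(seed).sample(ordered, min(n, len(ordered)))
    return {e["code"]: audit_entry(e, open_document, tip_height) for e in picked}

# Constructed sample data (hypothetical codes and layout, not real custody records).
DOCS = {"FBC-0001": b"subscription agreement", "FBC-0002": b"operating agreement", "FBC-0003": b"side letter"}
LEDGER = [
    {"code": "FBC-0001", "sha256": hashlib.sha256(DOCS["FBC-0001"]).hexdigest(), "anchor_height": 100},
    {"code": "FBC-0002", "sha256": hashlib.sha256(b"altered").hexdigest(), "anchor_height": 100},
    {"code": "FBC-0003", "sha256": hashlib.sha256(DOCS["FBC-0003"]).hexdigest(), "anchor_height": 104},
    {"code": "FBC-0004", "sha256": "0" * 64, "anchor_height": 90},
]

def open_doc(code):
    return io.BytesIO(DOCS[code])  # raises KeyError when the document is absent
```

Calling `sample_and_audit(LEDGER, open_doc, 105, 4, seed=2026)` with a chain tip at height 105 flags one entry for each failure mode and leaves `FBC-0001` clean.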
Each report will be published openly at this URL, and every verification response will reference the period and firm of the most recent attestation. SOC 2 Type I readiness is in progress; Type II is planned for the year following Type I. The operational independence structure supporting these controls is further explained on the Fund Base Camp company and governance overview.
Fund Base Camp carries professional Errors & Omissions, a commercial crime / fidelity bond, cyber liability, and Directors & Officers coverage — sized to the dollar value of documents under custody, refreshed at each policy renewal. Certificates of insurance are provided to sponsors and their prospects on request. Carriers and limits are listed below in full.
Coverage exists for the protection of sponsors and their investors. Where a sponsor requires its prospects to be named as additional insured or for certificate-of-insurance language to be customised, this is accommodated at no incremental cost within standard tiers. Coverage support, onboarding scope, and custody tiers are outlined further within the Fund Base Camp pricing structure for sponsors.
Refreshed at each policy renewal. Where coverage is shown as BINDING, the quote has been accepted and the policy is in the process of being issued; coverage is in force as of the effective date.
Note: Limits scale with assets under custody. The figures above reflect coverage adequate for the current scope of custody (Limen Markets Series 2026-A LLC, ≤ $25M assets under custody). Layers will be increased prior to onboarding sponsors whose aggregate custody scope warrants additional coverage. Certificates of insurance are issued on request to security@fundbasecamp.com.
The most recent AUP report is the artifact converting "we promise we hold the documents" into "an independent CPA confirms we hold the documents." Engagement is annual; cadence may increase to quarterly as scale warrants.
Each annual engagement is performed by an independent licensed CPA firm under the AICPA's Statements on Standards for Attestation Engagements (SSAE). The procedures are pre-agreed and disclosed; the firm's role is to perform them and report findings, not to opine. These disclosure standards operate alongside the broader legal and compliance framework disclosed in the Fund Base Camp legal documentation center. The following are sampled or verified in every engagement:
Once the first engagement closes, the signed report will be published at this URL. Sponsors and counsel can be added to a notification list by emailing legal@fundbasecamp.com.
SOC 2: Fund Base Camp is in SOC 2 Type I readiness, with target Type I issuance in year 2 of operation and Type II issuance in year 3. Once SOC 2 Type II is in force, the annual AUP becomes complementary rather than primary for institutional audiences. Until then, the AUP is the primary independent attestation and is sufficient for the great majority of allocator due-diligence requests.
What's inside the Fund Base Camp trust boundary, what's outside it, where data crosses, and which controls govern each crossing. The boundary nodes are highlighted; anything inside the boundary is under FBC's direct control. Sponsors evaluating operational fit can review the broader onboarding and workflow process on the Fund Base Camp sponsor infrastructure page.
Access to custody materials is least-privilege by default, mediated by signed-in identity, and logged. The controls below cover human personnel; system-to-system access is covered by API key issuance and the architecture description above.
All personnel with any logical or physical access to custody materials pass a criminal and credit background check at engagement. Checks are refreshed every three years and on role change.
All access to dashboards, AWS, and internal tooling is mediated by single sign-on with hardware security key (FIDO2) MFA. Passwords alone are insufficient anywhere in the system.
No standing access to production object storage. Access is requested per-task, time-boxed (≤8h), approved by a second person, and logged. Read-only access is the default; write access requires explicit justification.
At least one authorised signer on FBC LLC is not a signer for any Limen Markets entity. Bank accounts, EIN, accounting books, signing authority, and IT environments are separate. The independence covenant is reviewed quarterly.
Every object read, every API call, every dashboard action is logged via AWS CloudTrail. Logs are retained seven years, immutable (S3 object lock), and replicated to a separate AWS account for tamper-resistance.
Subprocessors (KMS, CDN, email, SSO) are reviewed at engagement and annually thereafter; SOC 2 / ISO 27001 reports collected and retained. The subprocessor list is provided to sponsors and their counsel under NDA.
We take responsible disclosure seriously and respond to security reports within one business day. Good-faith research is welcomed; we will not pursue legal action against researchers who follow the policy below.
If you've found a vulnerability — in the verification endpoint, the receipt PDF generator, the ingestion API, or anywhere else under fundbasecamp.com — please report it to security@fundbasecamp.com. General operational or sponsor inquiries should instead be directed through the official Fund Base Camp contact channel. PGP encryption is optional and available on request (see card alongside).