How does ZeroCopy keep our keys secure?

Keys are generated inside an AWS Nitro Enclave running in your own VPC. They never leave the hardware boundary. ZeroCopy does not have access, and AWS does not have access. Attestation via PCR0 measurement proves to your auditor that the signing code running is exactly the open-source build you reviewed.

Is ZeroCopy a custodian under MiCA or CASP rules?

No. ZeroCopy is self-custody infrastructure. Keys never leave your AWS account, so you are the sole custodian. Consult your legal counsel for your specific jurisdiction, but the architecture is designed to avoid triggering crypto-asset service provider custody obligations.

What compliance frameworks does ZeroCopy support?

SOC 2 Type II examination is scheduled for Q3 2026 under the AICPA Trust Services Criteria. The architecture supports SEC 17a-4 immutable audit logs via S3 Object Lock. All signing operations produce cryptographic attestation documents suitable for third-party audit.

How fast is ZeroCopy Sentinel for institutional signing?

Sentinel targets 62µs P99 ECDSA signing latency (modeled via Weibull fit; production validation pending). That is 2,107x faster than AWS KMS at 130ms P50, and approximately 1,215x faster than Turnkey at 75ms P50.

Can I deploy Sentinel in my own AWS VPC?

Yes. Sentinel runs entirely within your AWS VPC on instances you control. ZeroCopy provides Terraform modules for provisioning the AWS Nitro Enclave. Your signing traffic never leaves your network perimeter.

How does Sentinel differ from Fireblocks for institutional use?

Fireblocks uses MPC-CMP signing at 100-500ms, designed for cold-storage governance workflows. Sentinel uses hardware-isolated signing at 62µs, designed for high-frequency autonomous execution. Most institutional deployments use Fireblocks for the treasury vault and Sentinel for the active trading pod.

What is the kill switch and how does it work?

The kill switch is a cryptographic revocation mechanism. A single API call broadcasts a signed revocation token to all Sentinel pods in your fleet. Each pod verifies the revocation and halts signing within sub-millisecond time, without requiring network connectivity to ZeroCopy.

How long does enterprise onboarding take?

Approximately 45 minutes from zero to first signed transaction using the zcp CLI. Enterprise onboarding with custom policy rules, multi-region deployment, and audit log configuration typically takes one to two weeks with white-glove support.

Sentinel: live in your VPC

Your keys never leaveyour VPC.

Your signing stays under 50µs. Funds $100M to $5B AUM run Sentinel in shadow mode for a week before pointing live flow at it.

Book a 30-min architecture call Read the Whitepaper

SOC 2 Type II

examination scheduled Q3 2026

We do not claim other framework certifications today. Where compliance teams need a specific control map (NIST SP 800-53, ISO 27001), we provide it on request.

What your compliance team will ask, and what we say back.

Sentinel runs inside an AWS Nitro Enclave you control. We don't custody your keys. We don't see your trades.

Immutable Audit Log (SEC 17a-4)

Append-only log with hash-chained entries. Regulators get read-only access via a signed audit token. Six-year retention enforced by the enclave itself, not by us. Tampering would require breaking the SHA-256 chain. We'd notice within one log scan.

SOC 2 Type II (Q3 2026)

Annual third-party security audit covering confidentiality, integrity, and availability of your trading infrastructure. Full attestation for LPs and regulators.

Access control verification
Encryption best practices
Incident response procedures

GDPR Data Sovereignty

Keys and sensitive data stored in your VPC within your chosen geographic region. Full control over data residency. No cross-border data flows without your explicit approval.

EU / US / APAC deployment
No automatic telemetry outside region
Right to deletion guaranteed

MiCA Readiness (EU)

Custody requirements, transaction reporting, operational resilience, all built-in. Deploy to EU without additional compliance work.

Governance structure compliance
Operational resilience standards
Custody asset segregation

Architecture: Hardware Isolation at Scale

Your VPC. Your keys. Your control.

Your AWS Account (Isolated)

Sentinel Nitro Enclave

Signing Keys (Isolated)

ECDSA / EdDSAPCR-bound attestationPolicy Engine (Turing)62µs p99 signing

vsock IPC

Your Application

Trading LogicRisk ManagementAPI Endpoints

HTTPS (TLS 1.3)

Command Center (Monitoring)

Real-time metricsCompliance dashboardKill-switch capability

All infrastructure owned and managed by your institution.

How Sentinel Compares

Why institutional-grade funds choose Sentinel over alternatives.

	Sentinel	Fireblocks	AWS KMS	Hardware HSM
Signing Latency	62µs p99	500-2000µs	100-500µs	50-200µs
Vendor Key Access	Zero	Via MPC	AWS has access	HSM provider has access
Audit Trail	Immutable (SEC 17a-4)	Modifiable	CloudTrail (editable)	Device-local only
Policy Engine	Turing-complete	Rules-based	Fixed policies	No runtime policy
Attestation	PCR-based + software	No hardware attestation	AWS attestation only	Device certificate

Talk to us about deployment + pricing →

Enterprise-Grade Features

Deployed at scale for institutional capital.

Multi-Region Deployment

Enclaves across EU, US, and APAC. Data residency compliance. Automatic failover.

Custom Policy Engine

Write arbitrary Rust logic for transaction validation. Enforce your risk limits at the enclave level.

Source Code Escrow

Full access to proprietary Sentinel codebase. Deploy on your own hardware if needed.

Dedicated Support

24/7 engineering team. Direct hotline for critical incidents. Architecture review included.

Compliance Reporting

Automated reports for SOC 2, SEC 17a-4, MiCA, and GDPR audits. Regulators included.

Kill-Switch Capability

EU AI Act Article 14 compliant. Emergency halt of all signing operations in <1ms.

Three Deployment Models

Pick the model that fits your security posture, ops capacity, and integration timeline. Every model preserves customer-owned keys and hardware attestation.

Most Common

Customer VPC

Sentinel enclave runs entirely inside your AWS account. We never touch your data plane.

Keys generated + bound to your KMS
Your security team owns IAM + Terraform
Time-to-first-sign: 2–4 weeks
Support: business hours + on-call

Best for: $100M+ AUM funds with in-house infra

Hybrid Managed

You own the data plane (keys + signing). We manage the control plane (policy updates, audit pipelines, observability).

Same key isolation as VPC
Policy + dashboard updates pushed by us
Time-to-first-sign: 1–2 weeks
Support: 24/7 incident response

Best for: lean trading teams without dedicated infra ops

Embedded Engineering

We ship engineers into your team for the duration of the pilot. Custom venue integrations, kernel-bypass tuning, founder-level engagement.

Dedicated engineers on-site or remote
Custom policy engine + venue adapters
Time-to-first-sign: 4–8 weeks
Support: founder-level engagement

Best for: market makers + funds running unusual venues

All three models share the same enclave, the same attestation surface, and the same key isolation. The difference is who runs the wrench.

The 90-Day Pilot

Every engagement starts with a structured pilot. Shadow mode first, production cut-over second, signed success criteria at week 12.

Weeks 1–2

Onboarding

VPC peering, identity bootstrap, key generation or import inside the enclave, PCR baseline captured. Your security + ops team get the attestation decoder + runbook.

Weeks 3–6

Shadow Mode

Sentinel signs every transaction in parallel with your existing stack. We measure jitter delta + verify policy parity. Zero production risk until you flip the flag.

Weeks 7–10

Production Cut-Over

Canary rollout: 1% → 10% → 50% → 100% of signing traffic. Auto-revert if jitter or error budget breach. Your ops team owns the kill switch from day one.

Weeks 11–12

Success Review

Signed success criteria review: latency vs baseline, alpha retention bps, attestation audit log, runbook handoff. Convert to a multi-year contract, scale up, or part ways.

Start the pilot conversation

The Cost of Doing Nothing

Move the sliders to see the modeled monthly alpha leakage your current jitter is shipping to the venue. The number is shape, not quote; we calibrate to your actual order book on the discovery call.

Monthly trading volume$1,000M

$100M$50B

Current p99 signing jitter200µs

20µs2000µs

Modeled at $0.10 of slippage per $1M of notional per µs of P99 jitter (upper-middle of HFT-trader rule-of-thumb). Calibrated against architecture benchmarks, not a specific client. See methodology.

Modeled monthly alpha bleed

$20,000

At $1,000M/mo volume and 200µs P99 jitter, you ship roughly this much alpha to the venue every month in execution variance. Yearly run-rate: $240,000.

Sentinel target: 62µs p99 (modeled recovery)

$15,800/mo

Cutting jitter from 200µs to Sentinel's architecture target of 62µs retains 158µs of variance per signing operation. Discovery call to calibrate the math to your actual order book.

Calibrate to your actuals →

See Sentinel in Action

Architecture scenarios modeling the latency + custody-risk delta a $250M emerging fund could achieve with Sentinel deployed in an 8-week pilot.

Scenarios: not specific client engagements. Named references available under NDA after discovery.

Read the architecture scenarios

Ready to Deploy Sentinel?

We can have Sentinel live in your VPC within 2-4 weeks. Shadow mode first, production on your schedule.

Book a 30-min architecture call Read Technical Whitepaper

Your keys never leaveyour VPC.

Your signing stays under 50µs. Funds $100M to $5B AUM run Sentinel in shadow mode for a week before pointing live flow at it.

SOC 2 Type II

examination scheduled Q3 2026

We do not claim other framework certifications today. Where compliance teams need a specific control map (NIST SP 800-53, ISO 27001), we provide it on request.

Sentinel

Fireblocks

AWS KMS

Hardware HSM

Signing Latency

62µs p99

500-2000µs

100-500µs

50-200µs

Vendor Key Access

Zero

Via MPC

AWS has access

HSM provider has access

Audit Trail

Immutable (SEC 17a-4)

Modifiable

CloudTrail (editable)

Device-local only

Policy Engine

Turing-complete

Rules-based

Fixed policies

No runtime policy

Attestation

PCR-based + software

No hardware attestation

AWS attestation only

Device certificate