External assurance

Independent review, before public certification wording.

HalalCrypto has prepared a two-track audit plan so religious methodology and technical controls are reviewed by the right specialists. The site can say what is already true today, but it will not claim external certification until an engaged firm permits that exact wording.

Shariah assurance

Independent review of the AAOIFI-aligned screening framework, status labels, product exclusions, and public claim language.

  • Methodology and evidence requirements
  • Spot-only, no-leverage, no-margin boundaries
  • Public wording for research, screening, and review status
  • Governance required before any public certification wording

Security assurance

Independent review of the web app, APIs, Cloudflare/OpenNext deployment, Supabase controls, and key-scope claims.

  • Public site, waitlist, affiliate, and API surfaces
  • Origin proof, body caps, rate limits, and service-role paths
  • No-withdrawal exchange-key validation
  • Deploy verification, rollback, logs, and incident response

Current status

  1. RFP package prepared with separate Shariah and security scopes.
  2. Budget, contract, and legal approval required before any firm is engaged.
  3. NDA and sanitized evidence pack shared with selected firms.
  4. Findings triaged by severity and remediated with source changes and proof.
  5. Retest completed before any firm name or public summary is used.

Website findings applied

Latest readiness review: 2 of 2 public website findings applied.

This is source-level remediation and live proof, not a third-party certificate.

HC-WEB-2026-05-21-01 - Applied live

AI citation wording

The public AI guidance no longer repeats false certification phrases as examples. It uses generic no-overclaim instructions instead.

HC-WEB-2026-05-21-02 - Applied live

Public assurance boundary

The homepage and assurance page keep the RFP-prepared status visible and do not claim completed external certification or endorsement.

What we will not claim

Conservative language is part of the product. The audit track is meant to reduce overclaim risk, not create marketing shortcuts.

  • No fatwa claim.
  • No formal AAOIFI certification claim.
  • No external firm endorsement until contract terms permit public use.
  • No production secrets, customer PII, or exchange keys sent in an evidence pack.

Finding remediation SLA

Critical

Freeze affected claims or production paths immediately; patch or roll back before further promotion.

High

Fix within 72 hours, add a regression test or live probe, and request retest.

Medium

Fix within 7 days unless the auditor marks it launch-blocking.

Low

Schedule in backlog and document rationale if not fixed before launch.

Apply findings

The latest public website findings are applied on the live site. Every future accepted auditor finding must produce a source issue, owner module, code or content change, verification evidence, retest status, and decision-log entry if the finding is delayed or declined.
