All credentials are live, BIR-scannable via Certificate of Registration QR code, and independently verifiable at the LRA PPSR registry and BIR EIS portal.
| Entity | Indigenous Sovereign Estate Trust Trade name: ISET |
| BIR TIN | 683-706-670-000✓ BIR |
| OCN | 098RC20260000001023 COR issued February 9, 2026 |
| Taxpayer type | Trust — Filipino Citizen |
| PSIC | 64304 — Trust Corporation |
| Line of business | For Fiduciary Purposes |
| RDO | 098 — West Misamis Oriental |
| TIN issued | September 1, 2025 |
| Address | B14 L26 Leicester Road, Hillsborough Pointe, Carmen 9000, Cagayan de Oro, Misamis Oriental |
| Tax types | VAT (2550Q) · Income Tax (1701/1701Q) · Withholding (0619E, 1601EQ) |
| Juridical entity | No. 2025-372919✓ LRA Root signing authority |
| Individual | No. 2025-334841✓ LRA |
| Legal basis | RA 11057 §11 — priority from registration timestamp |
| Verification | LRA PPSR portal — independently verifiable |
| Crown authority | isp://crown/authority/v1.0 |
| Protocol | ISP v1.0 · 428 active codes |
| Signing standard | Post-quantum · NIST FIPS 204 |
| Proof of transaction | Fiduciary Access Certificate Civil Code Arts. 1440–1457 · RA 8792 §7 |
Fiduciary operates under a sovereign fiduciary chain grounded in Philippine statutory law and international indigenous rights instruments.
| Civil Code Arts. 1440–1457 | Trust law — ISET operates as a Philippine trust entity. Establishes fiduciary obligations, trustee authority, and beneficiary rights. |
| RA 8792 §7 | Electronic Commerce Act — Fiduciary Access Certificates are valid electronic records admissible in court and BSP examination. |
| RA 11057 §11 | Personal Property Security Act — PPSR registration establishes legal priority of ISET's data estate interests. |
| RA 10173 §12 | Data Privacy Act — FPIC consent required before data processing. Satisfied by POST /v1/consent. |
| RA 12010 §6–7 | AFASA — §6 institutional liability controls; §7 audit trail requirement satisfied by GET /v1/audit/:id. |
| UNDRIP Arts. 3, 4, 19, 20 | Indigenous self-determination and sovereignty — foundational to ISP v1.0 protocol architecture and FPIC consent model. |
ISET issues a FAC for every compliance event. It is a trust instrument under Philippine Civil Code trust law, not a commercial sales invoice or BIR Official Receipt. Each FAC carries an Post-quantum signature and is permanently verifiable at fiduciary.technology/verify.
| Legal basis | Civil Code Arts. 1440–1457 (trust law) + RA 8792 §7 (electronic record) |
| Court-admissible | Yes — Post-quantum signed, permanently resolvable, hash-chained |
| BIR OR? | No. FAC is a trust instrument, not a commercial invoice. Institution withholds 2% EWT and issues BIR Form 2307 to ISET quarterly per RR 11-2018. |
| Verification URL | fiduciary.technology/verify?id=[VID] |
| EWT mechanism | Institution withholds 2% · Issues BIR Form 2307 to ISET · Records FAC + 2307 as supporting documents |
| VAT treatment | ISET files 2550Q quarterly. FAC subtotals are VAT-inclusive. TIN on every FAC enables BIR input VAT claim by institution. |
Every API response carries a machine-readable ISP code mapping the event to its regulatory obligation, plus an Post-quantum post-quantum signature.
| 023 | Phishing-resistant authentication · BSP Circular 1213 §4 |
| 260 | Payee / KYC verified · BSP Circular 1213 §4(2) |
| 558 | Transaction risk scored · BSP Circular 1213 §3 |
| 006 | FPIC consent recorded · RA 10173 §12 / UNDRIP Art. 19 |
| 604 | Audit trail retrieved · AFASA §7 · RA 8792 §7 |
| 460 | Data breach notified · RA 10173 §30 · 72h NPC clock |
| Standard | NIST FIPS 204 — Module-Lattice-Based Digital Signature |
| Security level | NIST Security Level 3 — equivalent to AES-192 |
| Quantum-resistant | Yes — secure against both classical and quantum attacks |
| Applied to | Every API response · Every audit record · Every FAC |
| Hash algorithm | SHA3-256 — audit trail chain-of-custody hash |
| Authority URI | isp://crown/authority/v1.0 |
Honest status of each standard VDD item as of May 2026. Aspirational claims without evidence are omitted.
FidTech's architecture maps to BSP's Technology Risk and Innovation Supervision Department (TRISD) examination criteria.
| Examination Objective | FidTech Architectural Response | Statement |
|---|---|---|
| Zero trust architecture | Post-quantum device-bound credential. Every API call verified independently. No implicit session trust. | Zero trust identity on every call |
| Identity and access management | ISP 023 + 155. Phishing-resistant passkey + device attestation + post-quantum signing. | Aligned to BSP Circular 1213 §4 |
| Data governance and classification | PPSR-registered data estates. FPIC consent scope defined per RA 10173 §12. | PPSR-registered data classification |
| Third-party vendor risk | Signed ISP code in every response constitutes per-call vendor risk evidence. This VDD pack. | Vendor risk evidence in every response |
| Cloud / infrastructure architecture | Cloudflare Workers edge. Philippine data residency. D1 + R2 + KV at the edge. | Edge-native, PH data residency |
| Audit and examination documentation | GET /v1/audit/:id — ISP 604. Post-quantum signed. Permanently retrievable. RA 8792 §7. | Examination-ready audit trail |
| Breach notification | POST /v1/breach — ISP 460. 72h NPC clock. Automated 48h reminder. Free on all tiers. | Automated breach notification |
| Account protection / fund hold | POST /v1/incident — ISP 461. AFASA §6 access suspension + §7 30-day fund hold. Post-quantum signed. Free on all tiers. | Statutory protective hold · AFASA §6+§7 |
| Data protection | SHA3-256 Consent Ledger. Post-quantum signatures. R2 Object Lock (immutable records). | Tamper-evident immutable protection |
| Endpoint security | Post-quantum device-bound credential — the device is the cryptographic anchor for every call. | Device-bound PQC credentials |
| Business continuity | Cloudflare global edge. Queued async processing survives node failures. No single point of failure. | Distributed, no single point of failure |
| Basis | RA 10173 (DPA 2012) · NPC Circular 16-01 |
| Data controller | The institution (BSP-supervised entity) |
| Data processor | ISET / fiduciary.technology |
| Processing purpose | BSP Circular 1213 compliance verification only |
| Sub-processors | Cloudflare Inc. (infrastructure) · Resend Inc. (notifications) |
| Data residency | Philippine data residency via Cloudflare PH edge |
| Retention | Audit records: permanent (RA 8792 §7 compliance). Transaction data: 90 days. |
| Availability | Full DPA template available on request at compliance@fiduciary.technology |
| Standard MSA | Available on request. Email compliance@fiduciary.technology with institution name. |
| SLA commitment | 99.9% uptime · 4h incident response · P1 escalation path |
| Liability cap | 12 months of fees paid — negotiable for Enterprise |
| Indemnification | Mutual. IP infringement carved out. |
| Exit provisions | 30-day written notice. Full data export within 30 days of termination. |
| Governing law | Republic of the Philippines · RTC jurisdiction |
| Negotiable? | Yes for Enterprise tier. Standard template for Starter and Scale. |
| General / procurement | compliance@fiduciary.technology |
| Security incidents | security@fiduciary.technology 4-hour response SLA · 72h NPC clock auto-triggered via POST /v1/breach |
| Data privacy | privacy@fiduciary.technology DPO designation Q2 2026 |
| BSP examination support | compliance@fiduciary.technology Audit trail retrieval assistance · GET /v1/audit/:id guidance · On-site support (Enterprise) |
| Pre-production stress test | 72-hour stress test key available · 10,000 calls/hour · Real Post-quantum signatures Email compliance@fiduciary.technology with institution name and planned test date |
| Platform status | status.fiduciary.technology Real-time endpoint health · Incident history |
| Verify this pack | fiduciary.technology/vdd Live credentials page · BIR OCN and PPSR numbers always current |