Attestation · Open Disclosure

Trust Center

Operator  American Eagle Equity Assets LLC Custodian of Record  in office Last reviewed  2026-04-22

Independent attestation

Independent third-party attestation of the Venue’s controls. Reports are made available to counterparties, counsel, and auditors under standard confidentiality terms. Status is reported as currently in fact, not as a prediction of certification.

SOC 2 Type II

In observation

Audit firm engaged. Observation window in progress. Report furnished on receipt under standard confidentiality.

ISO/IEC 27001:2022

Stage 1 complete

Stage 1 readiness review complete. Stage 2 certification audit scheduled.

Qualified Time-Stamp Authority

Attested

RFC 3161 TSA bound to every evidentiary event. eIDAS-qualified time-stamps available on request per Chamber.

Vulnerability disclosure

Published

Coordinated disclosure policy at below. Reports acknowledged within one business day.

Sub-processors

The Venue maintains a published sub-processor registry. The current registry is provided to Participants and counsel under the Participant Agreement and on Counsel Access designation. Material changes are announced 30 days in advance.

Operator and governance

The Venue is operated by American Eagle Equity Assets LLC. The Operator is the named party of attribution on every record of evidentiary weight. The Custodian of Record is a natural person designated by the Operator and signing under penalty of perjury.

Managing Director, Operator

Todd R. G. Hill — Managing Director, American Eagle Equity Assets LLC.

Mr. Hill leads the Operator’s execution of the Venue under these Rules. The role is identified here in the interest of attributability: every record of the Venue is signed under named authority, and that authority is published.

Juris Doctor · Master of Business Administration · LL.M. (Risk Management & Wealth Management, Texas A&M, May 2026)

Security disclosure

The Venue operates a coordinated vulnerability disclosure policy. Reports may be sent to security@ordinact.com. Reports are acknowledged within one business day. The Operator does not prosecute good-faith research conducted within the disclosure scope.

Scope

  • ordinact.com and all subdomains operated by AEEA.
  • The public verification surface at venue/verify.
  • The Factivault portal under contracted Chambers, where authorization in writing has been provided.

Out of scope

  • Denial-of-service testing of any kind.
  • Social engineering of Operator personnel, Custodian of Record, or admitted Participants.
  • Testing against third-party services and sub-processors.

Incident disclosures

Material incidents affecting the integrity of records of the Venue are disclosed to affected Participants within the timeframes specified in the Participant Agreement and to all Participants in summary form within 30 days of resolution. The disclosure log is provided on Counsel Access designation.