Don't trust the binary — verify it. How Burein is built, escrowed, signed, attested, and independently reproducible — and why your regulator is going to be okay with it.
Every Burein release builds bit-for-bit identical across machines and CI runs. Customers can independently rebuild and diff.
Every artifact carries provenance attesting the build environment, source revision, and inputs.
Signed releases. Public verification keys. Revocation possible.
Full SBOM with every release. No surprise transitive dependencies. Zero non-vendor native deps on mobile is the target.
Source-code escrow with an independent agent is a standard commitment, not a contract you fight for. Your security team reads exactly what executes on your customers' devices — no opaque binary, no blind trust.
We publish our CI test results, and each bank gets its own dedicated build. You can prove the binary you ship matches the source you audited — and verify it independently.
Purely computed / derived. No PII. Always on.
Device characteristics. No direct identifiers. On by default.
Quasi-identifiers (WebRTC IPs, ad-ID, MAC). Opt-in.
Restricted (IMEI, MSISDN). Opt-in + matching platform permission.
Talk to us about your fraud and integrity goals — we'll show you the signals that matter for your stack.