Security at OnChainProof
Protecting your data and privacy is fundamental to everything we build. Here's how we keep your information safe.
Non-Custodial Architecture
We never access, store, or control your private keys, seed phrases, or funds. Our platform only reads publicly available on-chain data through read-only wallet connections.
Encryption in Transit & at Rest
All data transmitted between your browser and our servers is encrypted using TLS 1.3. Sensitive data stored in our databases is encrypted at rest using AES-256.
Password Security
User passwords are hashed using bcrypt with a cost factor of 12. We never store plaintext passwords. Password reset tokens are cryptographically generated and expire after 1 hour.
Infrastructure Security
Our application is hosted on Vercel's edge network with automatic DDoS protection, CDN-level caching, and isolated serverless function execution. Database connections use SSL with certificate verification.
Vulnerability Management
We conduct regular dependency audits, use automated security scanning in our CI/CD pipeline, and promptly patch known vulnerabilities. Critical security updates are deployed within 24 hours.
Data Minimization
We collect only the minimum data necessary to provide our services. We do not sell personal data to third parties. Non-essential cookies require explicit user consent before being set.
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly. We take all security reports seriously and will respond within 48 hours.
security@onchainproof.io