Privy’s team, architecture and workflows are built with best-in-class security practices.
Strict access controls
Privy is SOC2 compliant and adheres to the principles of least privilege and fine-grained access control for all data and infrastructure. That means no team member can see data they aren’t supposed to.
Self-custodial architecture
Whether connecting with third-party wallets or using embedded wallets, your users’ assets are their own. Privy’s self-custodial embedded wallets are architected so that only your user can access their private keys, and the user must give consent for every action.
Defense for your needs
Privy’s systems are configured so users can layer on defenses like linking additional sign-in methods, adding transaction MFA, or adding alternate recovery methods to secure their accounts.
Built on a secure cloud
Privy leverages best-in-class cloud providers to secure systems. All traffic is routed through proxies and Privy enforces rate limits, bot detection and input sanitization across the stack.
Privy works with security experts to review all systems and infrastructure. We undergo new audits regularly to address a changing threat landscape.