Rooted in security.

Rooted in security.

At Privy, security requirements are established hand-in-hand with product requirements.

We sweat the details so you can operate securely.

At Privy, security requirements are established hand-in-hand with product requirements.

We sweat the details so you can operate securely.

All engineering is security engineering.

All engineering is security engineering.

Privy’s team, architecture and workflows are built with best-in-class security practices.

Strict access controls

Privy is SOC2 compliant, adheres to principles of least-priviledge and fine-grained access controls for all data and infrastructure. That means no team member can see data they aren’t supposed to.

Self-custodial architecture

Whether connecting with third-party wallets or using embedded wallets, your users’ assets are their own. Privy’s self-custodial embedded wallets are architected so only your user can access their private keys, and must give consent for every action.

Defense for your needs

Privy’s systems are configured so users can layer on defenses like linking additional sign-in methods, adding transaction MFA, or alternate recovery methods to secure their accounts.

Built on a secure cloud

Privy leverages best-in-class cloud providers to secure systems. All traffic is routed through proxies and Privy enforces rate limits, bot detection and input sanitization across the stack.

Friction where it matters.

Friction where it matters.

Secure controls to match your users’ needs.

Secure controls to match your users’ needs.

Self-custodial wallets

Architected so users are the only ones in control of their keys.

Self-custodial wallets

Architected so users are the only ones in control of their keys.

Self-custodial wallets

Architected so users are the only ones in control of their keys.

Transaction MFA

Multi-factor authentication triggered for all wallet interactions and transactions.

Transaction MFA

Multi-factor authentication triggered for all wallet interactions and transactions.

Transaction MFA

Multi-factor authentication triggered for all wallet interactions and transactions.

Secure authentication

Configurable passkey and biometrics-based authentication system.

Secure authentication

Configurable passkey and biometrics-based authentication system.

Secure authentication

Configurable passkey and biometrics-based authentication system.

User-based recovery

Users can manage wallet recovery with cloud and password-based recovery.

User-based recovery

Users can manage wallet recovery with cloud and password-based recovery.

User-based recovery

Users can manage wallet recovery with cloud and password-based recovery.

Fraud detection and monitoring

Fraud prevention detects anomalous activity to protect your users.

Fraud detection and monitoring

Fraud prevention detects anomalous activity to protect your users.

Fraud detection and monitoring

Fraud prevention detects anomalous activity to protect your users.

Bot protection

Privy protects you from bots with built-in captchas, rate limits and other defenses.

Bot protection

Privy protects you from bots with built-in captchas, rate limits and other defenses.

Bot protection

Privy protects you from bots with built-in captchas, rate limits and other defenses.

Battle-tested at scale

Battle-tested at scale

Independently reviewed and audited.

Independently reviewed and audited.

Privy works with security experts to review all systems and infrastructure. We undergo new audits regularly to address a changing threat landscape.

Cure 53

Cryptography Audit

February 2023

Status: Complete

Cure 53

Cryptography Audit

February 2023

Status: Complete

Zellic

Cryptography Audit

June 2023

Status: Complete

Zellic

Cryptography Audit

June 2023

Status: Complete

SwordBytes

Pentest

December 2023

Status: Complete

SwordBytes

Pentest

December 2023

Status: Complete

Doyensec

Infrastructure Audit

February 2024

Status: Complete

Doyensec

Infrastructure Audit

February 2024

Status: Complete

SOC 2 Type I

Soc 2 Attestation

May 2024

Status: Complete

SOC 2 Type I

Soc 2 Attestation

May 2024

Status: Complete

SOC 2 Type II

Soc 2 Attestation

December 2024

Status: In Progress

SOC 2 Type II

Soc 2 Attestation

December 2024

Status: In Progress

Cure 53

Cryptography Audit

February 2023

Status: Complete

Zellic

Cryptography Audit

June 2023

Status: Complete

SwordBytes

Pentest

December 2023

Status: Complete

Doyensec

Infrastructure Audit

February 2024

Status: Complete

SOC 2 Type I

Soc 2 Attestation

May 2024

Status: Complete

SOC 2 Type II

Soc 2 Attestation

December 2024

Status: In Progress

We want to work with security researchers.

We want to work with security researchers.

Think you’ve found something? Want to get access to our bug bounty program? Reach out to [email protected].

Think you’ve found something? Want to get access to our bug bounty program? Reach out to [email protected].