Skip to main content
Privy’s policy engine gives your application programmable control over how every wallet can be used. Instead of relying on ad-hoc checks in your code, you can define enforceable rules at the key level that govern what actions a wallet may take. With policies, you can configure:
  • Transfer limits
  • Time-bound signers
  • Allowlists and denylists of transfer recipients
  • Allowlists and denylists of smart contracts and programs
  • Allowlists and denylists of networks
  • Allowed time window for key export
  • Granular constraints around calldata and parameters that can be passed to smart contracts
  • Restrictions around signatures needed for transactions, such as EVM typed data (EIP712)
This allows teams to define security, compliance, and behavioral rules that are applied consistently across all wallets in production. Managing policies in the Privy Dashboard

Concepts

Privy’s policy engine is defined by three core primitives: policies, rules, and conditions; and is designed to give developers precise control over wallets behavior. At a high-level:
  • A policy is the complete set of constraints that govern a wallet. It is a list of rules that define the total set of actions that are allowed or denied for a wallet.
  • A rule describes when an action should be allowed or denied. Each rule is composed of one or more conditions. When a request satisfies all of the conditions, the policy engine executes the action (ALLOW or DENY) prescribed by the rule.
  • A condition is a Boolean expression that the policy engine evaluates against an incoming RPC request.
This structure makes Privy’s policy engine flexible enough for complex workflows and predictable enough for production environments. You can create and manage policies through the Privy Dashboard, nodeJS SDK, or via the REST API.

Policies

A policy is composed from a list of rules for each RPC method that a wallet can execute that define what actions are allowed or denied for the wallet. DENY actions take precedence over ALLOW actions. If no rules resolve, the policy will default to DENY.

Allowlisted RPCs and wallet actions

If a wallet’s policy does not include a rule for a given RPC method or wallet action API, usage of that RPC method or API will be denied. If a policy is set on a wallet, the policy must include a rule for any RPC methods or wallet action APIs that the wallet intends to use. Policy objects have the following properties:

Policy evaluation

By default, the trusted execution environment (secure enclave) enforces policies when processing wallet actions, such as signature requests, transactions, and key export. The enclave evaluates policy rules in a tamper-proof environment before any operations proceed. Privy enforces some policies at the API level. For example, limiting transfer sizes requires transaction simulation which runs outside the enclave today. When your application makes an RPC request on a wallet that has a policy, the policy engine evaluates the rules that are associated with the requested RPC method. For instance, if your application makes an 'eth_signTransaction' request, the policy engine will only evaluate rules associated with the 'eth_signTransaction' method in the policy. The rules are evaluated as follows:
  1. If any rule evaluates to a DENY action, the policy engine will DENY the request.
  2. If any rule evaluates to an ALLOW action, and no rules evaluate to DENY, then the policy engine will ALLOW the request.
If the request does not satisfy any of the rules for the policy, the policy engine defaults to DENY the request. This also applies to Solana transactions such that every Instruction in a Solana transaction is evaluated against the rules of the policy. Every instruction must evaluate to an ALLOW action for the transaction to be allowed.
If your application makes a request to a wallet with RPC method X, and the policy’s rules contains no entry with a method corresponding to X, the engine will deny the request by default. If you’d like the policy engine to instead allow requests for RPC method X by default, we recommend setting up an “Allow all” Rule for that RPC method like so.

Rules

The nested Rule object within the policy’s rules array. A rule is composed of an set of boolean conditions and an action (ALLOW or DENY) that is taken if an RPC request satisfies all of the conditions in the rule. Rule objects have the following fields: Each rule corresponds to an individual action that should be allowed or denied by a wallet. For example, you might configure rules for a policy to:
  • ALLOW transfers of the native token to a set of allowlisted recipient addresses
  • DENY interactions with specific Ethereum smart contracts or Solana programs

Conditions

A condition is a boolean statement about a wallet request. When evaluating a wallet request against a rule, the policy engine checks whether the wallet request satisfies each of the boolean conditions in the rule. If all of the conditions are satisfied, the engine executes the action associated with the rule. Conditions allow you to define specific action types that should be allowed or denied for a wallet. Conditions for certain sources may have additional parameters. For instance, ethereum_calldata and tron_trigger_smart_contract_data conditions also require an abi parameter used to decode the calldata, and ethereum_typed_data_message conditions require a typed_data parameter to define the schema for the typed data message.

Field

Fields are attributes of a wallet request that can be parsed or interpreted from the wallet request. Examples of fields include the to parameter of an EVM transaction, the fee_payer parameter of a Solana transaction, or an spl_transfer_recipient field that is populated when the policy engine interprets a transaction. Fields are derived from field sources, which surface data from the wallet request. Possible field sources are listed below.
The policy engine evaluates numerical data exactly as passed in the request body—no conversion is applied. For example, ETH values will be evaluated in wei, SOL in lamports, and USDC in microdollars.

Operator

Operators are boolean operators used to compare fields and values. Operators include eq, neq, lt, lte, gt, gte, in, in_condition_set, contains, starts_with, and ends_with. All string comparisons are case-sensitive.
The in operator can be configured with up to 100 values. Consider in_condition_set operator if you need more.

Values

A condition compares a field using its boolean operator to a static value. As an example, if a condition determines whether an Ethereum transaction has specific recipient address X, the value for the condition is X.