The security of your users’ data and digital assets is our top priority at Privy. We secure over 50 million users’ wallets and have facilitated billions of dollars in transaction value through our secure, flexible infrastructure.
Privy wallets are non-custodial and have a fully programmable control model. Privy’s flexible
configuration enables the full custody spectrum from user-custodial wallets to powerful
service-controlled accounts.
At Privy, we’ve built our security foundation on unwavering principles. Our systems are non-custodial by design, ensuring that only authorized users can access their keys through sophisticated key splitting and secure execution environments. We implement defense in depth, with multiple independent security boundaries protecting your users’ assets—from cryptographic guarantees to hardware-level isolation.
We believe security requires constant vigilance. We maintain continuous validation through regular
third-party audits, an active bug bounty program, and 24/7 security monitoring to ensure our
systems remain secure as threats evolve.
The strength of Privy’s security comes from our battle-tested approach to protecting sensitive operations and data:
Trusted execution environments (secure enclaves)
Sensitive wallet operations take place within Trusted Execution Environments (TEEs), also known as secure enclaves. TEEs are highly restricted compute environments that offer deep system isolation guaranteed by the processor itself. In particular, Privy uses AWS Nitro Enclaves.
Key sharding and cryptography
We use robust, scalable cryptographic techniques to shard private keys across separate security boundaries, ensuring they are never stored in complete form and can only be accessed by authorized parties.
Privy’s cryptosystem design ensures sensitive operations remain protected even if the surrounding
system is compromised.
We regularly validate our security through comprehensive assessments:
Multiple independent security audits from firms including Cure53, Zellic, and Doyensec
SOC2 Type I and Type II certified
Active bug bounty program on HackerOne
24/7 incident response with rapid response SLAs
Our commitment to security extends to transparency—our cryptographic implementations are
open-source and have undergone dedicated third-party audits, available on our GitHub
repository.
Our documentation will guide you through implementing Privy securely in your application. We recommend starting with our security checklist for a complete overview of security best practices, or diving into our architecture details to learn more about our security model.