Security is foundational to everything we ship. Our MPC architecture means no complete private key ever exists in our infrastructure — not at rest, not in transit, not even momentarily during signing.
Every wallet provisioned through Zafeguard uses multi-party computation. Key shards are distributed across separate, geographically distributed nodes. Signing requires a threshold of nodes to participate in a cryptographic protocol — the full key is never reconstructed on any single node.
The on-chain signature produced by an MPC ceremony is indistinguishable from a single-signer transaction: same gas cost, same chain compatibility, same privacy — with none of the seed-phrase or hot-wallet risk.
For institutions with strict data-sovereignty requirements, the same MPC stack is available as a self-hosted deployment. Key shards never leave your environment.
We design our controls to align with industry standards including SOC 2, ISO 27001, and the NIST Cybersecurity Framework. Formal audit attestations are in progress; we will publish them here as they are completed.
For payment-workflow customers, our payment processors handle PCI-scoped card data directly — Zafeguard does not store full card numbers.
If you believe you have found a security vulnerability in any Zafeguard product, please email hello@zafeguard.com with the subject line “Security disclosure”. We commit to:
Please do not publicly disclose a vulnerability before we have had a reasonable opportunity to address it. Do not access data that is not your own, and do not run automated scanning that may impact other users.
No security stack is complete without you. Treat your credentials, API keys, recovery factors, and any other authentication material as you would your most sensitive secrets. Use a hardware key or strong MFA for your account. Rotate credentials after any team member departure. Review workspace audit logs periodically.
For a full description of risk allocation and your obligations, see our Terms of Service and Privacy Policy.