Security at Guardlet

We build Guardlet on the principles of safety, simplicity, and control. This page explains how we protect your assets with modern cryptography and layered defenses.

Why Security Matters

When you hold digital assets, security is not optional. Guardlet provides a secure and user-friendly experience that eliminates single points of failure and reduces operational risks without sacrificing usability.

Our Security Model

• Keyless, non-custodial architecture powered by Multi‑Party Computation (MPC)
• Unique per‑wallet cryptographic material and independent encryption IVs
• Biometric‑anchored 3FA for sensitive actions and recovery flows
• Immutable transaction history with clear status lifecycle
• Strict input validation, rate limiting, and abuse prevention
• No sensitive data in logs, ever

Multi‑Party Computation (MPC)

Guardlet replaces the traditional private key with secure MPC. Critical operations require collaboration between independent shares that never coalesce into a single private key. This removes the classic “single secret” failure mode and enables safer recovery and device migration.

3FA at Guardlet

We use three independent factors to authorize high‑risk actions (e.g., recovery, large withdrawals):

• Something you have: your bound device and secure enclave
• Something you are: biometric confirmation for critical operations
• Something you control: authenticated Guardlet account session with anti‑phishing checks

This layered approach makes account takeovers dramatically harder while keeping the UX fast and simple.

Keyless Recovery

Guardlet offers guided, keyless recovery. Your recovery flow never exposes a mnemonic or a raw private key. Each wallet uses unique encryption material with per‑wallet IVs to prevent cross‑wallet compromise and enable secure, auditable recovery when needed.

Privacy and Data Minimization

We collect only what is necessary to operate your wallet. Sensitive data is encrypted before storage, never logged, and protected by strict access controls. We do not sell your data.

Audits and Bug Bounty

We continuously review critical components and partner with independent auditors. We also operate a responsible disclosure program and welcome contributions from the security community.

Defense‑in‑Depth

• Strong transport and at‑rest encryption
• Least‑privilege access and role isolation
• Rigorous input validation and request throttling
• Tamper‑evident operational logs for sensitive actions
• Admin approval workflow for outgoing transactions where applicable

Operational Security

Internally, we apply separation of duties, mandatory reviews, and secure secrets management. We use hardened build pipelines and signed releases to protect the software supply chain.

Supported Networks and Risks

Always verify that Guardlet supports the asset and network you intend to use. Mismatched networks can lead to loss of funds. For large transfers, start with a small test transaction first.

Frequently Asked Questions