Your assets are safe with us.

We've been earning the trust of Canadians since 2017 by securing hundreds of millions worth of digital assets.

Proprietary Offline Storage

  • Private keys are generated, stored, and managed offline on custom built Hardware Security Modules (HSMs) that are either CC EAL4+ or FIPS 140-2 Level 3 certified.
  • The HSMs are kept in bank-grade vaults that are geographically distributed across North America and are access controlled, monitored, and guarded 24/7.
  • We backup private keys through two fully redundant and independent systems.
  • Transaction signing happens entirely offline and is cryptographically approved by the client.

Proprietary Warm Storage

  • The warm storage is deployed and secured on cloud infrastructure.
  • Credentials which secure private keys are managed on general purpose HSMs.
  • The HSMs are FIPS 140-2 Level 3 validated or are currently in the process of being validated.
  • Automated intrusion detection and protection disables withdrawals on certain security events.

Strict Internal Controls

  • Multi-factor authentication and tier-based access controls regulate access to infrastructure.
  • Sensitive data is encrypted when in transit over public networks and at rest.
  • All employees are subject to initial and ongoing criminal background and credit checks.
  • We restrict employee access based on role, following the principle of least-privilege.
  • Our employees are never in personal possession of or have direct access to any assets.
  • Our co-founders are unable to independently transfer any of your digital assets.
  • Our offices do not store or contain anything of value.

Customizable Security Controls

  • Platform access is restricted to whitelisted devices and locations.
  • Multisig approval workflows can restrict transfers at the user level.
  • Multisig approval workflows can restrict external account access at the user level.
  • API keys and access is configured at the user level.
  • Users can be restricted from sending transfers out of or viewing certain wallets.
  • Users can be restricted from sending transfers to certain external accounts.
  • Transfers and external account changes can be approved on the go with our mobile app.

Have questions, comments, or want to report a
security vulnerability?

Get in touch
We use cookies to ensure you get the best experience on our website. Learn more