Security, Risk & Compliance
Origin/CSRF, JWT cookies, idempotency & replay guards, data hygiene, legal posture.
11.1 Application Security
- Admin cookie: HttpOnly, SameSite, short-lived; origin and CSRF checks.
- Idempotency keys & replay protection on all write operations.
- Rate limits; wallet allowlist for admin areas.
- Signed caching & server-side price proxy (mobile-friendly & CORS-safe).
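Added example (not code from the whitepaper or its project) showing the three controls above in one small Python module: the admin cookie attributes, an Origin/Referer allowlist check for state-changing requests, and an idempotency-key replay guard with a TTL. `ALLOWED_ORIGINS`, the cookie name and the function names are assumptions made for the illustration.

```python
import time
from http.cookies import SimpleCookie

# Constructed allowlist for the example; a real deployment loads its own.
ALLOWED_ORIGINS = {"https://app.example.org"}


def admin_cookie(token: str, max_age: int = 900) -> str:
    """Set-Cookie value for a short-lived admin session: HttpOnly keeps it
    away from scripts, Secure keeps it off plaintext HTTP, SameSite=Strict
    stops cross-site sends, Max-Age bounds how long a stolen cookie lives."""
    c = SimpleCookie()
    c["admin_session"] = token
    c["admin_session"]["httponly"] = True
    c["admin_session"]["secure"] = True
    c["admin_session"]["samesite"] = "Strict"
    c["admin_session"]["max-age"] = max_age
    c["admin_session"]["path"] = "/admin"
    return c.output(header="").strip()


def origin_allowed(headers: dict) -> bool:
    """CSRF check for writes: Origin (or, failing that, the scheme+host of
    Referer) must be on the allowlist. A request with neither is rejected."""
    origin = headers.get("Origin")
    if origin is None:
        ref = headers.get("Referer", "")
        origin = "/".join(ref.split("/")[:3]) if ref else None
    return origin in ALLOWED_ORIGINS


class ReplayGuard:
    """Idempotency store: a key is accepted once; the same key with the same
    body is a harmless duplicate, the same key with a different body is a
    conflict, and keys expire after ttl_seconds so the store stays bounded."""

    def __init__(self, ttl_seconds: int = 3600, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable for testing
        self._seen = {}     # key -> (body_hash, first_seen)

    def admit(self, key: str, body_hash: str) -> str:
        now = self.clock()
        for k in [k for k, (_, t) in self._seen.items() if now - t > self.ttl]:
            del self._seen[k]
        if not key:
            return "missing"  # writes without an idempotency key are refused
        entry = self._seen.get(key)
        if entry is None:
            self._seen[key] = (body_hash, now)
            return "new"
        return "duplicate" if entry[0] == body_hash else "conflict"
```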
11.2 Data Hygiene
- PII minimization; user-agent/IP kept only to the operational extent necessary.
- Log rotation & retention windows; store only when required.
11.3 Legal Posture
- Clear “no investment advice” statement; protocol rules govern outcomes.
- Non-custodial posture wherever technically feasible.
- Jurisdiction awareness; we do not perform sanctions screening ourselves, but partner-compatible integrations can be considered where appropriate.
11.4 Transparency
- Public dashboards; export.csv; audit-friendly traces.
- “Announce → grace → apply” for parameter changes and (optional) on-chain ref-hashes.