Security & Trust

Last Updated: December 2025

This page outlines OpenHouse's security framework across smart contracts, platform infrastructure, wallet management, and compliance.

Smart Contract Security

Audits

  • Professional security audits before deployment

  • Established, battle-tested contract patterns

  • Audit reports available to users

Secure Development

  • Multi-signature requirements for critical operations

  • Time-locks on sensitive functions

  • Upgradability patterns with safeguards

  • Comprehensive test coverage

Monitoring

  • 24/7 on-chain activity monitoring

  • Automated alerts for unusual patterns

  • Regular security assessments

Platform Security

Infrastructure

  • Enterprise-grade cloud hosting with redundancy

  • DDoS protection and mitigation

  • Web Application Firewall (WAF)

  • Regular penetration testing

Data Protection

  • Encryption at rest and in transit (TLS 1.3)

  • Database encryption with key management

  • Regular security patches and updates

  • Access logging and monitoring

Authentication

  • Secure authentication via Privy

  • Passwordless authentication eliminates password storage risks

  • Session management and timeout controls

  • Rate limiting on authentication attempts

Wallet Security

Your Responsibilities

You are responsible for:

  • Securing your private keys

  • Using strong passwords where applicable

  • Enabling available security features

  • Maintaining device security

  • Staying vigilant against phishing

What OpenHouse Will Never Do

  • Ask for your private keys or seed phrases

  • Request crypto transfers to "verify" your wallet

  • Contact you via DM for sensitive information

  • Request remote access to your device

Embedded Wallets (via Privy)

  • Keys are encrypted and secured by Privy

  • You can export your keys at any time

  • Multi-party computation protects key material

Incident Response

If something goes wrong, we follow a structured protocol:

  1. System isolation

  2. User notification

  3. Scope investigation

  4. Remediation implementation

  5. Post-incident review

Bug Bounty

Security researchers who discover vulnerabilities should:

  • Email security@openhouse.finance with details

  • Allow reasonable time for investigation

  • Avoid public disclosure until resolved

We do not pursue legal action against good-faith security researchers.

Third-Party Security

| Provider | Security Standards |
| --- | --- |
| Privy | SOC 2 Type II compliant |
| Supabase | SOC 2 Type II, ISO 27001 |
| Persona | SOC 2 Type II compliant |

Regulatory Compliance

  • Operating under FCA Sandbox (registration in progress)

  • UK GDPR compliant

  • Data Protection Act 2018 compliant

  • AML/KYC procedures per UK regulations

Contact

  • Security Team: security@openhouse.finance

  • General Enquiries: hello@openhouse.finance
