Security is our
first & top priority.

Our security starts with dogfooding our own product

Dynamic is built on Dynamic, meaning we are the first to test our product around security, permissions, scalability and others. Any new feature we launch has been extensively internally tested on our own deployment.

Customers’ private keys never leave their wallets

When Dynamic’s SDK is used on your site, the only information produced by the wallet that Dynamic receives is a signed message to prove the wallet ownership. We (or you) don't have access to the private key. We are additionally working on open sourcing our SDK so that you have full visibility into our implementation.

We leverage modern web3 and security standards

Dynamic follows the Sign In With Ethereum (SIWE) EIP-4361 standards, and is a member of CASA. We use JWTs to return payloads to our customers, and provide easy to use endpoints to check validity of those.

SOC 2 Type II compliant, with an ongoing bug bounty program

We are SOC 2 Type II compliant, affirming the effectiveness of our security processes and controls. Coupled with our bug bounty program through hackerOne, and partnerships with leading auditors and expert advisors from companies like Okta, Auth0, Zenefits, and others, we ensure the highest level of security for your data.

Submit a vulnerability report‍

All data transmitted with
encryption

All data is transmitted with encryption using HTTPS and similar protocols. Furthermore, all data is securely stored with encryption-at-rest using AES-256 or higher standards. We also leverage KMS to protect particularly sensitive data.

Take full control
of your data storage

You control how much data you want Dynamic to persist. Our customer information capture fields are fully customizable, and if you don’t want to store any data except the public-address we can enable that for you.