Dynamic is built on Dynamic, meaning we are the first to test our product around security, permissions, scalability and others. Any new feature we launch has been extensively internally tested on our own deployment.
When Dynamic’s SDK is used on your site, the only information produced by the wallet that Dynamic receives is a signed message to prove the wallet ownership. We (or you) don't have access to the private key. We are additionally working on open sourcing our SDK so that you have full visibility into our implementation.
Dynamic follows the Sign In With Ethereum (SIWE) EIP-4361 standards, and is a member of CASA. We use JWTs to return payloads to our customers, and provide easy to use endpoints to check validity of those.
We are SOC 2 Type II compliant, affirming the effectiveness of our security processes and controls. Coupled with our bug bounty program through hackerOne, and partnerships with leading auditors and expert advisors from companies like Okta, Auth0, Zenefits, and others, we ensure the highest level of security for your data.
Submit a vulnerability report
All data is transmitted with encryption using HTTPS and similar protocols. Furthermore, all data is securely stored with encryption-at-rest using AES-256 or higher standards. We also leverage KMS to protect particularly sensitive data.
You control how much data you want Dynamic to persist. Our customer information capture fields are fully customizable, and if you don’t want to store any data except the public-address we can enable that for you.