Customers trust us with their most critical flows, and we take that responsibility seriously. We strive to create a world-class security program, obsessing over details and nuances.
Dynamic is built on Dynamic, meaning we are the first to test our product for security, permissions, scalability and more. Every new feature we launch has been extensively tested internally on our own deployment.
When Dynamic’s SDK is used on your site, the only information produced by the wallet that Dynamic receives is a signed message to prove wallet ownership. Neither we nor you have access to the private key. We are also working on open-sourcing our SDK so that you have full visibility into our implementation.
Dynamic follows the Sign-In with Ethereum (SIWE) standard, EIP-4361, and is a member of CASA. We use JWTs to return payloads to our customers, and provide easy-to-use endpoints to check their validity.
We spent time getting things right early in our lifecycle. Dynamic is in the process of getting SOC 2 certified. We are building a bounty program through HackerOne. We partner with leading auditors, and leverage expert advisors who have built world-class architecture at companies like Okta, Auth0, Zenefits and others.
Submit a vulnerability report
All data is transmitted with encryption using HTTPS and similar protocols. Furthermore, all data is securely stored with encryption-at-rest using AES-256 or higher standards. We also leverage KMS to protect particularly sensitive data.
You control how much data you want Dynamic to persist. Our customer information capture fields are fully customizable, and if you don’t want to store any data except the public address, we can enable that for you.