# Security Decimal is built with security-first principles. We know that your workflows touch critical systems - from financial transactions to community data - so protecting your automations, data, and keys is our top priority. ### 1. Core Security Principles * Zero-Trust Architecture – every request is verified, and no implicit trust is given to nodes, connectors, or users. * End-to-End Encryption – all data in transit uses TLS 1.2+ and sensitive data at rest is encrypted with AES-256. ### 2. Data Protection * Secrets Vault – all API keys, and user credentials are stored in an isolated, encrypted TEE vault, never in plaintext. * No Silent Data Capture – Decimal does not log or store workflow payloads beyond the immediate execution. All logs are available on the browser, and get deleted immediately after execution. * User Ownership – you can revoke integrations or delete all data at any time. ### 3. Wallet & Web3 Security * Non-Custodial by Default – Decimal does not hold or control your funds. * Decimal wallet is powered by [CDP](https://www.coinbase.com/en-in/developer-platform/products/wallets), secured inside a TEE and tightly tied in with the User's wallet. * Secure Signing – all on-chain transactions use secure signing mechanisms (e.g., WalletConnect, hardware wallets, or API keys provided by you). * Audit Trails – every blockchain interaction triggered by a workflow is logged for transparency. ### 4. Infrastructure Security * Containerized Execution – workflows run in isolated TEE environments, reducing risk of cross-contamination. * Marlin TEEs (Oysters) provide computation guarantee and proofs to ensure executions are exactly as per the instructions set by the user. * Rate Limiting & Throttling – prevents abuse and DDOS attacks ensures high reliability of shared resources. * Regular Audits – all components and connectors undergo periodic code audits and penetration tests. ### 5. Compliance & Standards * SOC 2 (in progress) – following best practices for security, availability, and confidentiality. * GDPR / Data Privacy – our entire system is designed to safeguard user's privacy and anonymity, so no user data is ever stored on our system. * Best Practices for Web3 – Only verified smart contracts and on-chain modules are onboarded onto the platform. ### 6. Shared Responsibility Decimal provides the infrastructure and guarantees secure execution, but security is a shared responsibility: * Always use strong authentication for your accounts. * Rotate API keys regularly. * Use only trusted Web3 vendors and third-party connectors. ### 7. Why This Matters Security isn’t just about avoiding losses; it’s about trusting your automations to run without worry. With Decimal: * You don’t risk losing keys or sensitive data to a silo platform. * You retain control over your wallets and workflows. * You gain the peace of mind that every execution is isolated, auditable, and protected. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://wiki.decimal.at/technical/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.