Security & Privacy (Final Preview)

This blueprint summarizes our Final-Release security posture: non-custodial design, MEV-aware execution, verifiable simulations, and strict data minimization.

Principles

  • Non-custodial by design: keys remain in user wallets; the app never stores private keys.
  • Least privilege: wallet permissions are narrowly scoped; every action requires explicit user consent.
  • Deterministic safety: pre-trade simulation and post-trade verification are mandatory steps in the UI.
  • Data minimization: no PII collection by default; telemetry is opt-in and strictly aggregated.

Transaction Safety

  • Preflight simulation: simulate all trades before submission and surface gas/compute and slippage outcomes for user review.
  • MEV-aware routing: optional bundled/priority sends to improve landing during contention; default path favors reliability.
  • Confirmation policy: show commitment level and finality thresholds; expose reorg/resubmission handling to the user.

Operational Security

  • Build integrity: content-security-policy, sub-resource integrity, strict MIME-type handling, and origin hardening.
  • Secrets & config: KMS-backed runtime secrets; no secrets in client bundles.
  • Dependency hygiene: pinned versions, SBOM, automated vulnerability scanning, periodic third-party audits.

Privacy & Compliance

  • Zero-PII baseline: no names/emails by default; wallet addresses are treated as pseudonymous identifiers.
  • Retention: ephemeral logs (hours→days) for troubleshooting; aggregated analytics only with opt-in consent.
  • User rights: export/delete toggles for any locally stored snapshots and settings.

Monitoring & Incident Response

  • Runtime monitoring: anomaly detection on error rates, latency, and signature failure patterns.
  • IR playbooks: rollback procedures, communication policy, and public post-mortems for Sev-A/B.
  • Disclosure: responsible disclosure channel and recurring external assessments.

Road to Final: external security audit(s), staged rollout with kill-switch and rate-limited feature flags, and optional MEV-protection for advanced users.