Solence

Security

How we protect your data and our commitment to security

Our Security Commitment

Security is at the core of SolenceAi. We implement industry best practices to protect our infrastructure, your data, and the integrity of our security analysis.

Infrastructure Security

Encryption

  • In Transit: All data transmitted using TLS 1.3 encryption (HTTPS)
  • At Rest: Database encryption using AES-256
  • API Communications: Encrypted connections to Solana RPC endpoints

Access Controls

  • Role-based access control (RBAC) for internal systems
  • Multi-factor authentication (MFA) for team members
  • Principle of least privilege for all access
  • Regular access audits and reviews

Infrastructure

  • Hosted on secure, SOC 2 compliant cloud infrastructure
  • Automated security patching and updates
  • DDoS protection and rate limiting
  • Isolated production and development environments
  • Regular backups with encrypted storage

Application Security

Code Security

  • Regular dependency scanning for vulnerabilities
  • Automated security testing in CI/CD pipeline
  • Code review process for all changes
  • Static application security testing (SAST)

API Security

  • Rate limiting to prevent abuse (10-50 requests/hour depending on tier)
  • Input validation and sanitization
  • Protection against common attacks (SQL injection, XSS, CSRF)
  • API authentication for enterprise users

Wallet Interaction

Read-Only Analysis

SolenceAi performs read-only blockchain queries. We never request your private keys, seed phrases, or transaction signatures for scanning. Wallet connection is only required for optional Safety Badge minting.

Data Privacy & Protection

What We Don't Store

  • Private keys or seed phrases
  • Wallet passwords or authentication credentials
  • Full transaction histories beyond scoring needs
  • Personally identifiable information (PII)

Data Minimization

We only collect and retain data necessary for Service operation:

  • Wallet addresses (public blockchain data)
  • Scan results and timestamps
  • Badge mint transactions (public on-chain)

Retention

  • Scan reports: Retained for shareable links (deletable upon request)
  • Usage logs: 90 days
  • Security logs: 1 year

Monitoring & Incident Response

Real-Time Monitoring

  • 24/7 automated security monitoring
  • Anomaly detection for suspicious activity
  • Error tracking and alerting
  • Performance and uptime monitoring

Incident Response Plan

In the event of a security incident:

  1. Detection: Automated alerts trigger investigation
  2. Containment: Immediate action to limit impact
  3. Assessment: Determine scope and affected data
  4. Remediation: Fix vulnerabilities and restore services
  5. Notification: Inform affected users within 72 hours (if applicable)
  6. Post-Mortem: Document and improve processes

Third-Party Security

Vendor Assessment

We carefully vet all third-party services:

  • Cloud infrastructure: Enterprise-grade security certifications
  • AI/ML providers: SOC 2 compliance and data protection agreements
  • RPC providers: Reputable Solana infrastructure providers

Open Source Dependencies

  • Automated vulnerability scanning (Dependabot, Snyk)
  • Regular updates to latest secure versions
  • Use of well-maintained, reputable libraries only

Smart Contract Security

For our Safety Badge SPL token program:

  • Audited by third-party security firms (audits available upon request)
  • Open source code for community review
  • Immutable after deployment to mainnet
  • Tested extensively on devnet before mainnet deployment

Compliance & Certifications

We are working toward the following compliance standards:

  • SOC 2 Type II: In progress (targeting Q2 2025)
  • GDPR: Compliant for EU users
  • CCPA: Compliant for California residents
  • ISO 27001: Planned for 2025

Responsible Disclosure Policy

Reporting Vulnerabilities

We appreciate the security research community and welcome responsible disclosure of vulnerabilities. If you discover a security issue, please:

How to Report

  1. Contact us privately

    Email: security@solenceai.com (PGP key available on request)

  2. Provide details

    Include steps to reproduce, impact assessment, and any proof-of-concept code

  3. Allow time for remediation

    Give us 90 days to address the issue before public disclosure

  4. Act in good faith

    Don't access or modify user data, disrupt services, or publicly disclose before we've patched

What We Promise

  • Acknowledgment: Response within 48 hours
  • Updates: Regular status updates on remediation progress
  • Credit: Public acknowledgment (if desired) after fix is deployed
  • No Legal Action: We won't pursue legal action for good-faith research

Bug Bounty Program

We're planning to launch a formal bug bounty program in 2025. Researchers who report critical vulnerabilities may be eligible for rewards. Stay tuned for details.

Out of Scope

The following are not considered vulnerabilities:

  • Social engineering attacks against our team
  • Denial of Service (DoS) attacks
  • Rate limiting behavior (by design)
  • Missing security headers on non-sensitive pages
  • Open-source dependencies with available patches (we monitor these)
  • Issues affecting outdated browsers not in our support matrix

Security Best Practices for Users

When Using SolenceAi

  • Never share your private keys or seed phrases with anyone
  • Only connect wallets for badge minting (not required for scanning)
  • Use official wallet extensions (Phantom, Solflare) from verified sources
  • Verify you're on the correct domain before wallet connection
  • Review transaction details before signing badge mints

General Wallet Security

  • Use hardware wallets for large holdings
  • Enable multi-signature for treasuries
  • Regularly scan your wallets for security posture changes
  • Be cautious of phishing attempts and fake websites
  • Keep your devices and browsers updated

Transparency & Updates

We believe in transparency. Security updates and incident reports will be published on our Status Page. You can also follow us on X for real-time security announcements.

Questions?

For security-related questions or concerns, contact us at security@solenceai.com or through our support channels.