🔒 Security
How we protect your funds and data
⛓️ Non-Custodial Architecture
✓ Your funds are controlled by smart contracts, not Probily
✓ We cannot access, freeze, or move your funds
✓ All fund movements require your cryptographic signature
✓ Smart contract code is open-source and auditable
🔐 Data Protection
✓ All data encrypted in transit with TLS 1.3
✓ Database encrypted at rest with AES-256
✓ Authentication tokens use industry-standard JWT with short expiry
✓ No sensitive data stored in browser cookies or local storage
🛡️ Account Security
✓ Email verification required for all accounts
✓ Passwords hashed with bcrypt (12 rounds)
✓ Rate limiting on login attempts to prevent brute force
✓ Automatic session expiry after 24 hours of inactivity
🔍 Smart Contract Security
✓ All contracts deployed on Polygon mainnet
✓ Immutable resolution logic — cannot be changed after deployment
✓ Multi-sig treasury controls requiring multiple approvals
✓ Continuous monitoring for unusual contract interactions
🌐 Infrastructure Security
✓ Hosted on Vercel with edge deployment across 100+ locations
✓ DDoS protection with automatic traffic filtering
✓ Database hosted on Supabase with daily encrypted backups
✓ 99.9%+ uptime SLA with automatic failover
📋 Compliance & Transparency
✓ Complete audit trail for all trades, deposits, and withdrawals
✓ All market resolutions recorded on-chain with justification
✓ Regular security assessments and penetration testing
✓ Responsible disclosure program for security researchers
Found a vulnerability?
We take security seriously. Report vulnerabilities responsibly and we'll work with you to fix them.
info@probily.com