Security
Sensitive layers are handled by licensed partners. Encrypto composes them.
Layered responsibility
| Layer | Who handles it |
|---|---|
| Custody (wallet keys) | Sealed inside a Trusted Execution Environment |
| Identity verification | Licensed KYC partner |
| Card issuance | FDIC-insured issuing bank under a major card-network program |
| Stablecoin issuance | Established regulated stablecoin issuers |
| Banking & payment rails | Licensed payment partners per region |
Custody
Wallet keys live in a Trusted Execution Environment. Encrypto cannot access user keys or move user funds. Only the user, authenticated through their session, can authorize transactions. See Custody Model.
Minimal attack surface
- No seed phrases.
- No browser extensions required.
- No direct smart-contract interaction in the spending flow.
Bank account verification
Bank account ownership is verified before fiat withdrawals are enabled. Read-only verification through a regulated provider confirms ownership without exposing online-banking credentials to Encrypto.
Reporting issues
Security issues can be reported to security@encrypto.fun or through the in-app help flow.