Overview

Prev Next

Crypto technology has revolutionized finance, but most tools are still designed with a narrow focus on technical security (protecting against unauthorized access) while overlooking the broader concept of user safety, which is about preventing loss.

At Stackup, we focus on more than just blocking unauthorized access, we also work to prevent user mistakes and losses. We build tools that are both secure and easy to use, so people can manage their finances confidently and safely.

Our Approach to Security

Our security architecture is built on three core principles: self-custodial control, enterprise-grade protection, and simplified user experience. This approach ensures your assets remain under your complete control while providing the advanced security features businesses require. Stackup meets SOC 2 Type 2 requirements to ensure enterprise-grade protection.

If you have questions about Stackup's security architecture or need help configuring permissions for your team, our support team is here to help. Contact us at support@stackup.fi or visit our comprehensive Security Documentation for more details.

Our Approach to Safety

Traditional crypto solutions invest heavily in smart contract security, assuming users will always operate systems correctly.

In reality, people are often confused or misled about what’s actually happening onchain. Their mental models don’t always match how things work in practice.

Stackup is built on the principle that security must go hand-in-hand with safety. We design our platform to prevent both unauthorized access and accidental loss, prioritizing clear interfaces, guided workflows, and safeguards that anticipate real-world user behavior.

This focus on holistic protection is why leading companies like Spearbit trust Stackup over legacy wallets.

How We Protect Your Data

Stackup protects your data with industry-standard HTTPS encryption and phishing-resistant passkeys for authentication and transaction signing.

Session cookies expire after 24 hours.

Passkeys

Passkeys are used for both application access and on-chain transaction signing. Passkeys provide phishing-resistant authentication with biometric verification. Private keys never leave your device, eliminating the risk of credential theft. Your Passkey will generate a private/public key pair where only the public key is shared with us.

Learn more about Passkeys →

Trusted Execution Environments

For advanced features like Automations, Stackup uses Trusted Execution Environments via AWS Nitro Enclaves. Each Automation generates an encrypted and cryptographically verifiable signer by the TEE.

Learn more about TEEs →

How We Protect Your Funds

Onchain Permissions

Your wallet is a smart contract with multiple levels of access. This ensures that even if someone's credentials are compromised, their access is limited to their specific permissions.

Learn more about Smart Accounts →

Self-custody with ERC-4337

Your onchain accounts are never accessible by Stackup. Your wallet uses the ERC-4337 standard, providing best-in-class security across all EVM blockchains.

Learn more about ERC-4337 →