Security at Alchemy
The most trusted enterprise-grade developer platform for building, launching, and scaling web3 apps.
Data security
All of our API calls use TLS to help protect the integrity, privacy, and security of your requests.
We regularly conduct security tests on our systems and applications, and utilize third parties to annually perform penetration tests.
We rely on industry standard systems to protect our services against wide-scale coordinated attacks.
Operational
Security
Our employees are trained on security controls and are taught how to identify and report phishing attacks.
We enforce Single Sign-On with multi-factor authentication (MFA), and use Role Based Access Control to limit employees’ access to only the resources they need. We require phishing-resistant, hardware-based MFA for sensitive access.
We actively monitor all company-issued laptops for any suspicious behavior using industry standard tooling.
We assess the security of our third-party vendors to ensure they meet our high standards.
Cloud Security
We utilize Amazon Web Services, Google Cloud Platform, and Cloudflare, all of which are SOC 2 certified.
We use cloud-native secrets management to properly secure internal secrets and keys.
Our cloud environment is continuously monitored to alert us of any suspicious activity.
Security issue?
If you identify any security issues with any of our products, please report them using the support button, or email [email protected]
Explore best practices for building on Alchemy
