Security Principles

How QuantumStack protects your trust: general security principles, data protection and on-chain validation.

Our Approach to Security

Security at QuantumStack is designed in layers: from user experience to on-chain execution. Our goal is for you to interact with NFTs, agents and contracts with confidence, knowing that your data and assets are treated to the highest standards.

User Trust

Transparency: Critical operations are clear and auditable; you always know what you are signing.
Data minimization: We collect only what is necessary for the service to function and to meet legal obligations.
Explicit consent: No on-chain transaction is sent without your explicit approval in the wallet.
No key custody: Your private keys remain under your control; we never store or request them.

Data Protection

Personal and usage data are protected with practices aligned to industry best practices:

Secure communication: Encrypted traffic (HTTPS/TLS) in all interactions with our services.
Storage: Sensitive data is handled with access controls and, when applicable, anonymization or pseudonymization.
Integrity: Data validation at all layers to prevent tampering or malicious injection.
Incident response: Defined processes for detection, containment and communication in case of security events.

On-Chain Validation

Contracts and Execution

The blockchain layer ensures that business rules are executed in a predictable and verifiable way:

Auditable contracts: Critical logic resides in smart contracts whose code can be publicly verified.
Immutability: Once confirmed, on-chain transactions and state cannot be unilaterally changed.
Signature verification: All sensitive operations require the wallet holder's signature, ensuring only you authorize changes to your assets.
Recognized standards: Use of widely adopted interfaces and libraries (e.g. ERC-721, OpenZeppelin) to reduce implementation risks.

Wallets and Connectivity

Standard provider connection: Integration with wallets (MetaMask, WalletConnect, etc.) without key interception.
Simulation before signing: When possible, the frontend shows the expected impact of the transaction before you approve.
Network and providers: We recommend using trusted RPC and providers; the architecture allows you to choose your own provider when applicable.

Best Practices for You

Some recommendations to keep your experience secure:

Always use the official site and verify the domain before connecting your wallet.
Review each transaction in your wallet before signing; be wary of unexpected requests.
Keep your wallet and browser software up to date.
Never share your seed phrase or private keys with anyone; QuantumStack never requests them.