Security Model
Vaulty is built around one rule: the user always holds the keys. Partners get strong tools, but they never get the ability to spend funds without explicit user approval.
Key custody
Private keys are generated and stored on the user's device, protected by biometric or PIN unlock. Vaulty servers never see, store, escrow, or back up raw private keys.
Permission scopes
- connect — read public address only.
- pay — request a single transfer; user must approve each one.
- sign — request a message signature; cannot move funds.
- subscribe — recurring payments only after explicit, revocable consent.
Defence in depth
- All partner traffic uses TLS 1.2+ and signed webhook payloads.
- API keys are scoped per environment (sandbox / live) and rate-limited.
- Smart Zones detect unusual destinations and prompt the user before signing.
- Telegram Guardian alerts notify users of every approval in real time.
Always-there storage (Google + Arweave + Solana)
Vaulty's wallet storage is designed so a user's encrypted vault survives device loss, browser resets, and cross-device sign-ins without ever giving Vaulty access to keys.
- Primary sync — Google Drive Application Data Folder (appDataFolder). Hidden from the user's normal file list; OAuth scope limited to that folder.
- Outer envelope — the encrypted bundle is wrapped a second time, keyed to the user's Google identifier, before it leaves the browser.
- Optional permanent backup — one-time Arweave upload via Irys/Bundlr. Pay once, stored forever, no subscription.
- Solana index pointer — minimal (~128–256 bytes, rent-refundable) account storing only the Arweave TX ID, content hash, and primary/secondary flags.
- Restore order — Google first for speed; Arweave only as fallback when the Google copy is missing, corrupted, or expired. Integrity verified against the on-chain hash before local decryption.
Sign-in methods (two paths, same Vaulty)
Vaulty supports two sign-in methods. Both produce the same non-custodial wallet, the same IndexedDB-first storage, the same Solana pointer, and the same optional Arweave permanent backup. The only difference is how the outer encryption key is derived.
- Enterprise-grade security — fast, familiar access — Sign in with the Google account you already trust. Vaulty's scope is limited to a hidden, app-only Drive folder — we can't read your files, email, or contacts. Your encrypted wallet is wrapped with a key derived from your Google identity so even Drive admins can't open it.
- Fully decentralized — no third-party identity provider — Vaulty asks your wallet to sign a one-time verification message — no transaction, no fees. Your public key becomes your profile, and the outer encryption key is derived deterministically from that pubkey. Nothing about you leaves the Solana network.
Auditability
Every payment routed via Vaulty is fully on-chain. Users and partners can verify any transaction through Solscan or any Solana explorer using the returned signature.

