Security is layered: it starts with how we hold customer assets, runs through how we approve withdrawals, and ends at the controls you have on your own account.
Customer digital assets are held in custodial wallets segregated from operational treasury and identified to customer accounts in our books and records.
The majority of customer assets are held in offline cold storage with hardware-protected key material. A limited operating reserve is maintained online for processing transfers.
Outbound transfers require multi-party approvals based on transaction size and risk. Out-of-band review applies to non-routine activity.
All customer accounts must enable multi-factor authentication. Authenticator apps and security keys are recommended over SMS.
You can restrict outgoing transfers to a list of pre-approved blockchain addresses, with cool-down windows for newly added entries.
Account activity is continuously monitored for unusual patterns. You receive notifications for sign-ins, address changes and outbound transfers.
Cryptographic keys protecting customer custody are held in hardware modules with restricted physical and logical access. Key generation and use are audited.
Engineering, operations and compliance functions are separated. No single individual can move customer assets without independent approvals.
Critical service providers undergo security due diligence and contractual confidentiality, security and incident-notification obligations.
We maintain a documented incident response plan. We notify affected customers and applicable regulators in line with U.S. and state law.
Our security and AML programs are subject to periodic independent review.
springlightllc.com) before logging in or entering credentials.