Security

Security & infrastructure

How BlockWealth protects advisor and client data. Custody, encryption, access controls, and audit trail — built for fiduciary workflows.

Regulated custody

BlockWealth does not directly custody client assets. Client crypto is held with regulated third-party custodians — Coinbase today, with additional custodians on our roadmap. Removing self-custody from the firm reduces operational risk and the regulatory surface area your firm has to defend.

  • No self-custody risk for the firm or end clients
  • Live: Coinbase
  • Additional regulated custodians on roadmap

Encryption

Sensitive secrets (custody API credentials, integration tokens, and similar fields) are encrypted at rest using AES-256-GCM (authenticated encryption). Each encrypted value is stored with its own randomly generated initialization vector and its authentication tag: the tag means any modification of the stored ciphertext is detected and rejected on decryption, and the fresh IV per value avoids the key/IV reuse that GCM must never be allowed.

  • AES-256-GCM for sensitive fields
  • Per-secret initialization vectors
  • Authenticated encryption (tamper-detection)

Authentication & access control

Authenticated sessions use signed JWT tokens delivered in httpOnly cookies. Script running on the page cannot read an httpOnly cookie, so a cross-site scripting bug cannot exfiltrate the session token, which materially reduces XSS-driven account takeover risk (it does not stop injected script from issuing requests in the victim's session, so XSS itself still has to be prevented). Every API endpoint enforces role-based authorization on top of authentication.

  • JWT session tokens with HS256 signing
  • httpOnly cookies (XSS-resistant)
  • Role-based access (Firm Admin, Advisor, Operations, Compliance, Analyst)
  • Firm-scoped data isolation (multi-tenant)

Audit trail

Every state-changing action on the platform — trades, model changes, permission grants, integration connects — is recorded in an immutable audit log. Each entry captures the user, IP address, user agent, and a before/after snapshot of the affected entity. Firm administrators can review the full log from inside the platform.

  • Append-only audit log per firm
  • Captures user, IP, user agent
  • Before/after state snapshots for changes
  • Available to firm administrators in-app

Infrastructure

BlockWealth runs on managed cloud infrastructure from SOC 2-certified providers (Vercel for the web tier, Railway for application hosting, Supabase for the database). We inherit the underlying providers' security controls (encryption at rest, network isolation, automated patching) without owning the bare metal.

  • Hosted on SOC 2-certified providers
  • Database encryption at rest (provider-managed)
  • TLS in transit for all traffic
  • Continuous platform updates rolled out automatically

What's on the roadmap

  • BlockWealth itself is a 2026-founded company. Formal third-party certifications (SOC 2, ISO 27001) are on our roadmap; the underlying cloud providers we run on are already SOC 2-certified today.
  • Additional custodians (beyond Coinbase) and reporting integrations (Orion, Addepar, Black Diamond, Morningstar) are on the near-term roadmap.

Want the technical detail?

We're happy to walk security and compliance teams through specifics on a call.

Get in touch