Security

Security is fundamental to Clique Wallet's architecture. We are a custodial wallet service, but it's important to understand that private keys are technically controlled and secured by the Trusted Execution Environment (TEE). This design ensures that even our own development and operations team cannot access user private keys, effectively protecting user key security.

Security Architecture

Clique Wallet implements a multi-layered security architecture:

• TEE Protection: All critical processes—including key generation, storage, and transaction signing—run entirely within the TEE's encrypted memory. This ensures that sensitive data is never exposed in plaintext, making it inaccessible to any external parties and effectively preventing data theft.

• Encrypted Storage: All user data is encrypted before being stored. Only the TEE holds the encryption keys. Even if data is accessed at the database level, the actual sensitive information remains encrypted and unreadable.

• Data Integrity Verification: We apply integrity checks to all user data. Any attempt to tamper with the data by an attacker would be detected and rejected, ensuring the information remains authentic and unaltered.

• End-to-End Encrypted Communication: All data transmitted between the user and our services is protected via HTTPS encryption, preventing interception or leakage over the network.

• Session Security: Sensitive interfaces are protected with Http-Only session-based authentication. This mechanism helps safeguard user sessions from client-side attacks, enhancing security on the user's end.