# Security

This document outlines our security practices and best practices for users.

### Security Architecture

#### Authentication & Authorization

**Wallet-Based Authentication**

* Privy handles wallet connection and authentication
* Private keys never leave the user's wallet
* Session management is handled server-side
* Multi-wallet support

**Access Control**

* Workflows are user-specific
* API endpoints require authentication
* Server-side validation for all operations

#### Data Protection

**Server-Side Processing**

* All sensitive operations handled server-side
* API keys and secrets never exposed to client
* Database credentials in environment variables
* HTTPS for all communications

**Database Security**

* MongoDB Atlas with encryption at rest
* IP whitelisting for database access
* Regular backups
* Access logging

#### Smart Contract Security

**Best Practices**

* OpenZeppelin contracts for battle-tested code
* Reentrancy guards on critical functions
* Input validation on all functions
* Access control for administrative functions

**Testing**

* Comprehensive Foundry test suite
* Fuzz testing for edge cases
* Gas optimization
* Security audits planned before mainnet

