Moralis Web3 Technology AB Security Policy

Data & Infrastructure Security

Secure Infrastructure Provider – We host our data in secure Amazon Web Services (AWS) data centers protected by 24/7 on-site security and camera surveillance.

Data Encryption in Transit and at Rest Process – All data sent to or from Moralis is encrypted using TLS, and all customer data is encrypted using AES-256.

Data Redundancy and Resiliency – Moralis infrastructure is fault tolerant by design. All databases operate in a cluster configuration, and the application tier scales using load balancing technology that dynamically meets demand.

Strict Access Controls – Moralis has a clearly defined access management policy and follows strict control standards. Access to all Moralis systems is managed securely, enforces 2FA, and logs all activity.

Security Audit and Monitoring – Moralis centrally manages audit logs, which provide a transparent overview and historical record of almost all actions taken by team members.

App & Development

Security is our top priority when developing any application.

Penetration Testing and Bug Bounties – We partner with reputable security firms to run external pen tests. Additionally, our bug bounty program allows anyone to test our system and report bugs.

Application Monitoring and Protection – All app access is logged and audited. We also use a wide variety of solutions to quickly identify and eliminate threats, including a WAF (Web Application Firewall) and CDN (Cloud Distribution Network).

Development and Change Management Process – Code development is done through a documented SDLC process, and every change is tracked via version control.

Automated controls ensure changes are peer-reviewed and pass a series of tests before being deployed to production.

Third-Party Vendor Security Review Process – We ensure all of our third-party apps and providers meet our security and data protection standards before using them.

Want to learn more about security at Moralis?

Work with our engineers to assess your unique security needs.

Contact us at [email protected]