// public beta · running on synthetic on-chain data
SYBILSHIELD

Security

How we secure data, secrets, and the appeal trail.

Data classification

  • Wallet addresses — public on-chain data. We process but never re-publish individual addresses outside aggregate stats.
  • Customer email + API key hash — bcrypt/SHA256 hashed. Plaintext keys shown ONCE at creation.
  • Evidence + cluster data — visible only to the customer who created the analysis. Aggregates may appear in public retros.
  • Appeal submissions — visible to customer who owns the analysis + reviewer. Submitter contact email never published.
  • Webhooks — payloads signed with HMAC-SHA256 against the customer's webhook_secret. Verify before processing.

API key handling

  • Format: sk_live_<32 base64url chars>
  • SHA256 hashed in DB. Plaintext shown once at creation/rotation.
  • Constant-time comparison on every request (timingSafeEqual).
  • Rotate at /dashboard/api-keys — old key revoked immediately.
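
One way to implement the key handling listed above, as an added example rather than SybilShield's own code. It assumes keys are built from 24 random bytes and that each request identifies the customer separately; the names issueKey, KeyStore and demo are hypothetical, and an in-memory map stands in for the database.

```javascript
// Added illustration, not SybilShield's code. issueKey, KeyStore and demo are hypothetical names.
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

const KEY_RE = /^sk_live_[A-Za-z0-9_-]{32}$/; // key format stated on the page

// SHA-256 digest as a 32-byte Buffer.
const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest();

// Assumption: 24 random bytes, which encode to exactly 32 base64url chars (no padding).
function issueKey() {
  const plaintext = 'sk_live_' + randomBytes(24).toString('base64url');
  return { plaintext, hash: sha256(plaintext) }; // only `hash` is persisted
}

class KeyStore {
  constructor() {
    this.hashes = new Map(); // customerId -> digest Buffer (stand-in for the DB)
  }

  // Create or rotate: overwriting the stored hash revokes the old key immediately.
  rotate(customerId) {
    const { plaintext, hash } = issueKey();
    this.hashes.set(customerId, hash);
    return plaintext; // shown to the customer once, never stored
  }

  // Per-request check: reject malformed input, then compare digests in constant time.
  verify(customerId, presented) {
    const stored = this.hashes.get(customerId);
    if (!stored || typeof presented !== 'string' || !KEY_RE.test(presented)) return false;
    // Both digests are 32 bytes, so timingSafeEqual cannot throw on a length mismatch.
    return timingSafeEqual(sha256(presented), stored);
  }
}

// Constructed walk-through: issue, verify, rotate, confirm the old key is dead.
function demo() {
  const store = new KeyStore();
  const first = store.rotate('customer-1');
  const okBefore = store.verify('customer-1', first);
  const second = store.rotate('customer-1');
  return {
    okBefore,
    oldRevoked: !store.verify('customer-1', first),
    newAccepted: store.verify('customer-1', second),
    malformedRejected: !store.verify('customer-1', 'sk_test_' + 'A'.repeat(32)),
  };
}
```

Comparing fixed-length digests rather than the raw strings keeps the comparison length-independent, so a short or oversized key takes the same path as a wrong one.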

Webhook signature verification

On analysis.completed we POST to your URL with header x-sybilshield-signature: sha256=<hex>.

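// Node.js
import { createHmac, timingSafeEqual } from 'crypto';

// signature: the x-sybilshield-signature header value
function verify(body, signature, secret) {
  const expected = Buffer.from('sha256=' + createHmac('sha256', secret).update(body).digest('hex'));
  const received = Buffer.from(String(signature));
  // timingSafeEqual throws on unequal lengths, so compare lengths first
  return received.length === expected.length && timingSafeEqual(received, expected);
}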

Audit log

Every flagged event (score >= 40), every appeal, every review, every reversal is written to evidence_audit_log. Rows are append-only; no admin can edit prior entries. The schema captures:

  • actor (system:model:vX / customer:<uuid> / public:anonymous)
  • timestamp, prior_score, new_score
  • evidence_snapshot (JSON, frozen at event time)
  • reason (free text)

Reporting a vulnerability

Email security@sybilshield.com with a description and reproduction. We commit to:

  • Acknowledge within 48 hours
  • Patch critical issues within 7 days
  • Credit you publicly in the disclosure if you wish
  • No legal action against good-faith research

A bug bounty program will launch with the first hosted production deployment.

Operational security (current state, honest)

  • Code is open-source (MIT) — no secret algorithms to leak
  • Secrets live in .env, never committed (see .gitignore)
  • Pre-incorporation: no formal SOC 2 / ISO 27001. Will pursue after revenue.
  • Hosted production not yet deployed — sandbox mode runs on free-tier infra