Security at Sawa

Your keys. Your money.
Our obsession.

Sawa is non-custodial by design. That isn't a marketing word — it's an architecture decision that means we couldn't touch your funds even if we wanted to. Here is exactly how it works.

The honest list

Three things Sawa cannot do

The strongest security promise isn't what a company says it won't do — it's what the architecture makes impossible.

01

We can’t move your money

Your private keys are generated and secured on your device through Privy embedded wallets. Sawa’s servers never see them — so no employee, hacker, or court order pointed at us can transfer your funds.

02

We can’t read your seed phrase

Your recovery phrase is displayed once, on your device, behind PIN and screenshot protection. It is never transmitted to or stored on our servers.

03

We can’t freeze your wallet

Because the wallet is non-custodial, your assets live on-chain under your keys. Even if Sawa disappeared tomorrow, you could export your keys and access everything from any standard wallet.

Defense in depth

What we actively protect

01

Server-authoritative PIN

Your transaction PIN is verified against a salted hash on our servers — never stored in plain text, never checkable offline by an attacker. Repeated wrong guesses trigger an escalating lockout, and your PIN protects your account across every device you sign in on.

02

Screenshot & screen-recording protection

Screens that display your seed phrase or other secrets block screenshots and screen recording on Android, and blank themselves in the app switcher. What’s secret stays on your screen only.

03

Per-user authenticated API

Every request to our backend is authenticated with a short-lived cryptographic token tied to your login. One user can never read or act on another user’s data.

04

Hardened build pipeline

Production builds strip debug logging so codes, tokens, and personal data never leak into device logs. Sensitive values are redacted at the source.

05

Rate limiting & abuse monitoring

Login, OTP, and transaction endpoints are rate-limited and monitored, so brute-force and enumeration attacks hit a wall long before they hit you.

06

Encrypted in transit

All traffic between your device and our servers is encrypted with TLS. Webhooks and internal services authenticate each other with signed secrets.

Non-custodial means you hold real power — use it well

  • Write your recovery phrase on paper. Never screenshot it, never paste it anywhere.
  • Sawa staff will never ask for your seed phrase, PIN, or OTP. Anyone who does is a scammer.
  • Use a PIN you don't use anywhere else, and enable your device biometrics.
  • Only download Sawa from the official app stores or links on sawawallet.org.

Responsible disclosure

Found something? Tell us first.

We welcome good-faith security research. If you believe you've found a vulnerability in Sawa Wallet, our website, or our APIs, email us with enough detail to reproduce it. We'll acknowledge within 72 hours, keep you updated as we fix it, and credit you if you'd like. Please don't access other users' data, disrupt the service, or disclose publicly before we've had a reasonable chance to remediate.

security@sawawallet.org

Questions about privacy instead? See our Privacy Policy or AML statement.