
Security Policy

Solstice Staking AG maintains institutional-grade security practices across all layers of our infrastructure. This policy outlines our controls, procedures, and commitments to protecting user data and platform integrity.

Last updated: January 6, 2026
Solstice Staking AG · Zug, Switzerland

Solstice Staking AG operates institutional-grade security infrastructure. Our policies are designed to protect user data, platform integrity, and validator operations at all layers of the stack.

Section 01

Access Control

User roles and permissions are defined based on job responsibilities. We enforce the principle of least privilege — no personnel receive access beyond what is necessary for their function.

Section 02

Data Protection

All sensitive data in transit is encrypted using SSL/TLS. Sensitive data at rest is encrypted within our databases. We maintain strict data lifecycle procedures with ongoing surveillance for unauthorised access patterns.

Section 03

Vulnerability Management

We regularly scan the platform for vulnerabilities using reputable security tools. Software components — including web servers, plugins, and other dependencies — are promptly patched and updated. A documented remediation process addresses emerging threats systematically.

Section 04

Secure Development

All engineering follows secure coding practices with mandatory code reviews. Sensitive values — including keys and credentials — never appear in source code. Input validation protects against cross-site scripting (XSS), and parameterised queries prevent SQL injection.

Section 05

Security Monitoring

We deploy intrusion detection systems and analyse system activity for suspicious patterns through real-time alerting. Our security operations team reviews alerts continuously and responds to events under defined SLAs.

Section 06

Incident Response

A formal incident response plan outlines the steps to take in case of a security breach. A designated response team with clear roles and responsibilities is maintained and regularly tested through tabletop exercises and simulations.

Section 07

Physical Security

Server infrastructure is housed in secured facilities with controlled access and appropriate environmental safeguards including fire suppression, redundant power, and climate control. Physical access to critical systems is logged and restricted to authorised personnel only.

Section 08

Staff Education

All staff receive regular security awareness training addressing threat recognition, phishing and social engineering defence, credential management, and information protection. Security training is mandatory and tracked for completion.

Section 09

Third-Party Integrations

We evaluate the security posture of all external service providers before integration and maintain ongoing oversight of integrated tools. Third-party security reviews are required for any service handling sensitive data or accessing production systems.

Section 10

Audits & Assessments

We conduct periodic security assessments and audits to identify potential weaknesses. Third-party security professionals are engaged to perform penetration testing and code reviews on a regular basis.

Security Disclosures

To report a security vulnerability or concern, please contact our security team directly:
Email: info@solsticelabs.io