Trust Center

Security and Operational Commitments

How Droplit and Sigma are positioned for secure, auditable, and agent-ready wallet workflows.

Trust Principles

Request-level BSV signature verification

Critical API actions require signed request payloads, enabling verifiable operation intent.

Sigma-hosted identity and signing

User-facing auth and signing flows are isolated to Sigma-hosted boundaries for safer key handling.

Droplit-level access controls

API key allowlists and droplit config controls support least-privilege production patterns.

Trust Documentation and Updates

Key resources to review when validating security posture and operational controls.

  • Permission model documentation

    Detailed least-privilege guidance for API scopes and environment-specific access control.

    Available

  • Authentication and request-signing docs

    Step-by-step guidance for Sigma-hosted identity, signed requests, and operational verification.

    Available

  • Ongoing trust and security updates

    We publish material updates to controls, process changes, and trust documentation as they ship.

    Active

Validate Operational Controls

Review authentication and permission model docs to confirm fit for your security requirements.

Open Permission ModelOpen Authentication Guide