Security and privacy

Minimum permissions and clear responsibility

A portfolio tracker processes sensitive relationships even when much of the underlying blockchain data is public. AssetFable separates visibility from custody: the app does not hold customer funds, possess private keys, control wallets, or reverse a blockchain transaction that you approve elsewhere.

Exchange connections are intended for read-only API credentials only. The documented architecture stores them in encrypted form through Supabase Vault or server-side security mechanisms. Security remains a shared responsibility: you must review permissions, protect accounts, and revoke credentials at their source when they are no longer trusted or needed.

AssetFable's security boundaries

The model reduces required permissions and states which risks cannot be removed by a portfolio interface.

Non-custodial wallet tracking

Public addresses can support portfolio information without giving AssetFable a seed phrase or private key. Connecting or signing through a wallet does not make AssetFable the custodian of its assets.

Read-only exchange access

API keys must only be able to view data. AssetFable does not request trading, transfer, or withdrawal permissions and does not execute exchange transactions. An overprivileged key should never be entered.

Server-side credential handling

Exchange credentials are encrypted and processed through documented server-side controls. Session, security, and audit events may support operation, abuse prevention, and troubleshooting.

Privacy without selling personal data

AssetFable does not sell personal data to data brokers. At the documented date, the public website does not use third-party marketing analytics or cross-site advertising cookies; future changes must be reflected in privacy information and consent where required.

Three checks before connecting anything

Treat each wallet, exchange, or third-party flow as an intentional authorization.

  1. Verify the request and domain

    Make sure you are using the official AssetFable website or app. Never enter a seed phrase, private key, or recovery code. Review the network, message, and destination before approving a wallet signature.

  2. Minimize permissions

    Create a separate read-only exchange key and disable trading, transfers, and withdrawals. Enable the security controls available on your accounts and do not reuse credentials across services.

  3. Review and end old connections

    Monitor sync and security state, remove old wallet associations, and disconnect exchanges that are no longer needed. Revoke API keys with the provider as well and use the available account and deletion controls.

No system is risk-free

Minimum access can limit impact but cannot eliminate phishing, compromised devices, provider outages, or public-blockchain risks.

  • Networks can fail, reorganize, charge high fees, or contain faulty contracts. A wrong address, malware, phishing, or lost wallet access can cause permanent loss that AssetFable cannot reverse.
  • Hosting, authentication, database, blockchain, market, payment, and push providers may process technical or personal data under their own roles and terms. Some providers may be located outside your country.
  • Account, portfolio, and connection data is generally retained while the account exists or the feature needs it. Legal, security, billing, and backup obligations can require longer retention of some records.

Deleting data from AssetFable removes internal records under the documented process. Public blockchain entries, app-store records, payment logs, and third-party data remain subject to their own systems.

Security and privacy questions

Will AssetFable ever ask for my seed phrase?

No. AssetFable does not need seed phrases, private keys, or wallet recovery data. Anyone requesting them in AssetFable's name should be treated as a security threat.

Does account deletion remove all blockchain data?

No. AssetFable can delete account records and internal wallet associations under its process, but it cannot remove public transactions, addresses, or NFT ownership from a blockchain.

Does AssetFable sell data or use advertising trackers?

The documented privacy policy states that AssetFable does not sell personal data to data brokers and currently does not use third-party marketing analytics or cross-site advertising cookies on the public website. The current policy remains authoritative.

Review first, connect second

Read the privacy details and connect wallets or exchanges only with the minimum permissions required.