SECURITY / GOVERNANCE

MPC wallet, key management & policy engine

Control how digital assets are operated, not just stored. Zero third-party reliance.

Book a demo See Treasury
The Vault

Your keys never exist in one place

Private keys are the most sensitive component of digital assets. The Vault protects them through multiple independent layers, supported across all deployment models.

MPC cryptography

The Vault uses true threshold MPC — a T-of-N signature scheme where each private key is split into shares distributed across client devices and TEE-secured servers. The key is never assembled in full at any single point, eliminating the risk of theft even in the event of a breach.

TEE technology

Trusted Execution Environment (TEE) provides hardware-level isolation for key operations. Even if the surrounding server infrastructure is compromised, operations inside the TEE remain protected — key shares cannot be extracted.

Your sole control

Private keys are generated and stored within the client’s own perimeter. The Vault infrastructure never has unilateral access to keys or the ability to sign transactions without client authorisation.

Multi-party computation wallet architecture is supported across all three deployment models — In-house, Cloud, and Hybrid — with the same security guarantees at every level. This is what separates genuine MPC custody from platforms that claim MPC but store key material in a single system.

01. Approval Policies 02. Spending Limits 03. Address Whitelists 04. Enterprise Policy Engine 05. Role-based Permissions 06. Flexible Rule Configuration

Rule-based workflows for transaction authorisation. Define who approves what, under which conditions, and with what quorum requirement — for every wallet and operation type.
POLICY ENGINE

A policy engine that governs every fund movement

Rule-based workflows for transaction authorisation. Define who approves what, under which conditions, and with what quorum requirement — for every wallet and operation type. Structural governance enforced before any key share activates.

Step-by-step: how every transaction is governed

01 Policy Setup Admins configure rules, limits, and quorums.
02 Initiation Authorised user creates a request. Initiators cannot approve.
03 Validation Auto-check against predefined rules. Non-compliant requests are instantly rejected.
04 Approval Routed to designated approvers based on policy quorum.
05 Signing MPC key shares sign across devices and TEE servers.
06 Execution Submitted to the blockchain.

Complete visibility across every wallet and operation

Audit-ready architecture with deep operational visibility, built for regulated environments.

Comprehensive audit trail

Every operation captures initiator, approvers, timestamps, and device identifiers.

End-to-end monitoring

Full visibility across all wallets for compliance and finance teams.

Cryptographic integrity

Tamper-resistant databases ensure audit logs cannot be altered retroactively.

Complete attribution

Nothing is anonymous. Every decision is tracked to a specific user & device.

DEPLOYMENT CONTROL

Same security architecture, deployed your way

Choose where The Vault runs. The MPC key management and policy engine operate identically in every configuration.

In-house (On-premise)

Full on-premise · Maximum control

Deployed on client infrastructure, with all keys and data inside the client perimeter and zero external dependencies.

Cloud

Fully managed · Quick deployment

Managed infrastructure with the same MPC guarantees and policy engine, and no compromise on control.

Managed Service

White-label · Crypto-as-a-Service

White-label custody for your clients under our regulated licence, with AML, KYC and Travel Rule handled for you.

Talk to an expert

Ready to take control of your digital asset operations?

Book a demo