Security Practices at Alchemy - Web3 Development Platform

Data Security

Transport Layer Security (TLS)

All of our API calls use TLS to help protect the integrity, privacy, and security of your requests.

Regular security testing

We regularly conduct security tests on our systems and applications, and utilize third parties to annually perform penetration tests.

distributed denial of service (DDoS)

We rely on industry standard systems to protect our services against wide-scale coordinated attacks.

Operational Security

Employee training

Our employees are trained on security controls and are taught how to identify and report phishing attacks.

Access Controls

We enforce the use of Single Sign-On with multi-factor authentication (MFA), and use Role Based Access Control to limit employees’ access to only the resources they need. We require phishing-resistant, hardware-based MFA for sensitive access.

corporate endpoint security

We actively monitor all company-issued laptops for any suspicious behavior using industry standard tooling.

vendor management

We assess the security of our third-party vendors to ensure they meet our high standards.

Cloud Security

secure cloud providers

We utilize Amazon Web Services, Google Cloud Platform, and Cloudflare, all of which are SOC 2 certified.

key management Service (KMS)

We use cloud-native secrets management to properly secure internal secrets and keys.

Continuous monitoring

Our cloud environment is continuously monitored to alert us of any suspicious activity.

Security at Alchemy

If you identify any security issues with any of our products, please report them using the support button, or email [email protected]

Build web3 with Alchemy