security hero bg

Security at Alchemy

Title icon

Data security

    Transport layer security

    All of our API calls use TLS to help protect the integrity, privacy, and security of your requests.

    Regular security testing

    We regularly conduct security tests on our systems and applications, and utilize third parties to annually perform penetration tests.

    Distributed denial of service (DDoS)

    We rely on industry standard systems to protect our services against wide-scale coordinated attacks.

Title icon

Operational
Security

    Employee training

    Our employees are trained on security controls and are taught how to identify and report phishing attacks.

    Access controls

    We enforce Single Sign-On with multi-factor authentication (MFA), and use Role Based Access Control to limit employees’ access to only the resources they need. We require phishing-resistant, hardware-based MFA for sensitive access.

    Corporate endpoint security

    We actively monitor all company-issued laptops for any suspicious behavior using industry standard tooling.

    Vendor management

    We assess the security of our third-party vendors to ensure they meet our
    high standards.

Title icon

Cloud Security

    Secure cloud providers

    We utilize Amazon Web Services, Google Cloud Platform, and Cloudflare, all of which are SOC 2 certified.

    Key management services

    We use cloud-native secrets management to properly secure internal secrets and keys.

    Continuous monitoring

    Our cloud environment is continuously monitored to alert us of any suspicious activity.

Security issue banner

Security issue?

If you identify any security issues with any of our products, please report them using the support button, or email [email protected]

Explore best practices for building on Alchemy

Section background image

Build blockchain magic with Alchemy

Alchemy combines the most powerful web3 developer products and tools with resources, community and legendary support.