Non-custodial architecture and access controls
The most important security property of Sagitta AAA is what it cannot do: it cannot hold assets, sign transactions, or initiate execution. This is not a policy — it is a structural property of how the system is built.
Core security properties
AAA never holds private keys, seed phrases, or signing credentials. Portfolio wallet state is imported as read-only data. The system has no authority to move assets, sign transactions, or interact with smart contracts on behalf of users.
Wallet connections to AAA are structured as portfolio data imports — public address resolution and on-chain balance reading only. No signing requests, no permission grants, no execution authority.
AAA produces allocation decision records as output. What happens with those decisions is determined entirely by the operator. Execution infrastructure — custody solutions, OMS, transaction signing — is fully separate from AAA.
Access to AAA is structured across authority tiers. Observer users have read-only access to allocation outputs. Higher authority tiers require explicit qualification. No one can escalate their own authority within the system.
Policy changes are versioned. Every decision record includes the policy version under which it was evaluated. If policy changes, prior decisions remain readable and verifiable against the policy version that was active at the time.
User authentication is handled through Auth0, a widely used identity provider with MFA support. AAA does not store passwords. Session management follows current security best practices.
Data handling
Portfolio data
On-chain wallet data is read from public blockchain state — balance queries against public addresses. No private data is transmitted for portfolio import. Custom portfolio inputs (manual asset entries) are stored in your account.
Policy and configuration data
Your policy configurations, constraint definitions, and scenario settings are stored in your account. They are not shared with other users. Policy versions are retained for auditability.
Decision records
All allocation decision records are stored in your account. They include portfolio snapshots, policy configurations, and allocation outputs at the time of the decision. Records are retained for audit and review purposes.
Authentication data
Authentication is handled by Auth0. Sagitta does not store passwords. Account credentials are managed through your Auth0 profile. MFA is available and recommended for accounts with production or doctrine authority.
Responsible disclosure
If you identify a security vulnerability in Sagitta AAA, please disclose it responsibly. Contact the security team directly at security@sagitta.systems before any public disclosure. We will acknowledge reports within 2 business days and work toward remediation before public disclosure.
