📄

NFID data security overview

NFID uses strong security methods, employs strict policies to protect your information, and leads the industry in using privacy-preserving security technologies like end-to-end encryption for your data.

NFID data security and encryption

The security of your data starts with the security of your NFID. We recommend enabling two-factor authentication to help protect you from fraudulent attempts to gain access to your account.

The data you store in NFID is encrypted and protected

Your NFID data is encrypted, the encryption keys are secured in NFID data centers until they can be generated by a blockchain, and only certain data is end-to-end encrypted.

🙅
About end-to-end encrypted data End-to-end encrypted data can be decrypted only where you’re signed in with your NFID. No one else can access your end-to-end encrypted data — not even the team developing NFID — and this data remains secure even in the case of a data breach in the decentralized cloud. If you lose access to your account, only you can recover this data using your passkeys and recovery phrase.

Data categories and encryption

The table below provides more detail on how your data is protected.

Data category
Encryption
Storage
BTC key
End-to-end
Private smart contract
EVM key
End-to-end
Private smart contract
ICP key
End-to-end
Private smart contract
Email address
End-to-end
Private smart contract
Passkey metadata
End-to-end
Server*
Profile information
End-to-end
Private smart contract

*Some metadata information is stored encrypted in a server for improvements in the user experience, primarily for reducing latency. However, this information will also be moved to encrypted storage in smart contracts over time.

Chain-key delegations

User authentication occurs by using a session key (e.g., Ed25519 or ECDSA) to create a delegation chain that allows the session key to sign for the user's main identity.

When 2FA is enabled, delegation identities are generated client-side and are one of the internet’s most secure authentication protocols.

Only a delegation identity is able to access and use its own encryption key, making encrypted data in NFID some of the most secure on the internet.

About third-party data centers

When processing data stored in a third-party data center, encryption keys are accessed only by NFID software running on secure servers, and only while conducting the necessary processing.

Even though secure servers are used for some parts of the data encryption handshake, delegation identities make it impossible for NFID data to be accessed by anyone but the owner.