Security & Trust at PolyFund

How we protect donations, data, and platform integrity

Security and compliance are foundational to PolyFund. Our platform is designed to support lawful political fundraising while protecting donor data, campaign funds, and system integrity through layered security controls and transparent infrastructure.

Security Overview

PolyFund combines stablecoin-based payments with established security practices to protect transactions and platform operations.

Core principles include:

  • Defense-in-depth security architecture
  • Non-custodial fund handling
  • Regulatory-aware system design
  • Continuous monitoring and oversight

Blockchain & Infrastructure Security

PolyFund operates on both Ethereum mainnet and Base, an Ethereum Layer 2 network developed by Coinbase. This infrastructure provides:

  • Immutability: Transactions cannot be altered or reversed once confirmed
  • Transparency: Transactions are publicly verifiable on-chain
  • Resilience: Built on Ethereum's battle-tested infrastructure
  • Decentralized settlement: Reduces reliance on centralized intermediaries

Smart Contract Security

Smart contracts manage the routing of USD-backed stablecoin (USDC) donations between donors and campaign wallets.

Security measures include:

  • Independent third-party security reviews
  • Careful review of critical contract logic
  • Multi-signature controls for administrative functions
  • Time-locked upgrades with public visibility
  • Responsible disclosure and vulnerability reporting processes

Wallet & Fund Security

PolyFund is a non-custodial platform. Campaigns and donors retain control of their funds at all times.

  • Secure wallet connection protocols
  • Transaction signing occurs within the user's wallet, not on PolyFund servers
  • PolyFund never has access to private keys

Data Protection

PolyFund applies reasonable and industry-standard data protection practices to safeguard user information.

  • Encrypted communications between client and servers
  • Restricted access to sensitive systems and data
  • Segmented infrastructure to limit access exposure
  • Secure backup and recovery procedures

Identity Verification

Identity verification is handled by Coinbase, a publicly traded and regulated financial institution.

  • Identity verification is performed through Coinbase's infrastructure
  • PolyFund receives only verification status
  • PolyFund does not store copies of identity documents

Access Controls & Internal Security

Internal access to PolyFund systems is strictly controlled.

  • Role-based access control (RBAC)
  • Multi-factor authentication for internal systems
  • Principle of least privilege
  • Audit logging of administrative actions
  • Regular access reviews and deprovisioning

Monitoring & Incident Response

PolyFund maintains processes to monitor platform activity and respond to potential security incidents.

  • Ongoing monitoring for suspicious activity
  • Incident response procedures for identified issues
  • User notification in the event of confirmed incidents, as required

Responsible Disclosure

PolyFund welcomes responsible security research.

If you believe you have identified a vulnerability:

  • Contact us at hello@polyfund.us
  • Include detailed steps to reproduce the issue
  • Allow reasonable time for investigation and resolution
  • Avoid public disclosure until the issue has been addressed

We appreciate the role of the security community in helping protect users and campaigns.

Our Commitment

PolyFund is committed to maintaining a secure, transparent, and compliant platform for political fundraising. Security practices are reviewed and updated as the platform evolves and regulatory expectations change.

Getting Started

Start FundraisingDonate with Stablecoins

See also: Privacy Policy | Terms of Service | Compliance