Paranoid by design.

All wallets and signing keys live in FIPS 140-3 Level 3 HSMs.

Customer gold is segregated from Talabin's own balance sheet at the vault level.

Bank accounts must be allow-listed for 72 hours before first withdrawal.

Face ID or fingerprint required for any value-moving action.

Up to $50k per vulnerability. Disclosed responsibly via security@talabin.org.

Audited annually by an independent firm. Latest report on request.