Security Model
Dripelo is built with bank-grade security. Your sign-in is phishing-resistant, your funds are safeguarded, and you always stay in control.
How You Sign In
Dripelo uses passkeys instead of passwords. A passkey is created on your device and protected by your biometrics (Face ID, Touch ID, or fingerprint).
- No passwords: Nothing to remember, nothing to leak
- Phishing-resistant: A passkey is bound to Dripelo and can't be stolen or copied like a password
- Device-bound: Your passkey lives in your device's secure hardware
- Biometric protection: Every sensitive action needs your Face ID or fingerprint
Verified Identity
Your social handle, phone number, or email is linked to your account so people can pay you without account numbers:
- Verified ownership: You prove you own the handle via OAuth, SMS, or email
- Privacy preserved: Phone and email are stored as secure hashes, never in the clear
- Permanent link: Once registered, your handle is bound to your account
Safeguarded Funds
- Encryption: Your data is encrypted in transit and at rest
- Hardware isolation: Sensitive systems run on isolated, secure hardware
- Regulated: Dripelo follows identity verification (KYC) requirements as a regulated broker
- You stay in control: No one can move your money without your approval
How Approvals Work
When you make an investment, send money, or change a sensitive setting:
- You authorize with your passkey (Face ID, fingerprint, etc.)
- Dripelo verifies the request against your account
- The action is completed securely
- Nothing happens without your explicit approval
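
The following is an added example, not Dripelo's own code: the server-side WebAuthn checks that tie a passkey approval to one site and one request. The RP ID `dripelo.example`, the origin, and the function names are assumptions, and signature verification against the stored public key (which a real server also performs) is left out.

```python
import base64
import hashlib
import json

# Assumed values for illustration; the page does not state Dripelo's RP ID or origin.
RP_ID = "dripelo.example"
ORIGIN = "https://dripelo.example"

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (biometric or device PIN)


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def binding_errors(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the reasons an assertion fails the binding checks (empty list = pass)."""
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("wrong ceremony type")
    # The challenge is issued by the server for this one action and used once.
    if client.get("challenge") != b64url(challenge):
        errors.append("challenge mismatch")
    # The browser, not the page, fills in the origin, and the signature covers it.
    if client.get("origin") != ORIGIN:
        errors.append("origin mismatch")
    if len(auth_data) < 37:  # 32-byte RP ID hash + 1 flag byte + 4-byte counter
        return errors + ["authenticator data too short"]
    # First 32 bytes: SHA-256 of the RP ID the authenticator scoped the key to.
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("RP ID hash mismatch")
    flags = auth_data[32]
    if not flags & FLAG_UP:
        errors.append("user not present")
    if not flags & FLAG_UV:
        errors.append("user not verified")
    return errors


def sample(origin: str, rp_id: str, flags: int, challenge: bytes):
    """Build a constructed (not captured) clientDataJSON / authenticatorData pair."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (7).to_bytes(4, "big")
    return client, auth


if __name__ == "__main__":
    ch = b"\x01" * 32  # constructed challenge
    print(binding_errors(*sample(ORIGIN, RP_ID, 0x05, ch), ch))
    print(binding_errors(*sample("https://dripelo-login.example", "dripelo-login.example", 0x05, ch), ch))
```
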
Security Guarantees
- No single point of failure: Sensitive systems are isolated and independently protected
- Phishing-resistant: Passkeys are bound to Dripelo and cannot be stolen like a password
- You approve everything: No money moves without your authorization
- Hardware-backed: Critical infrastructure runs on isolated, secure hardware
Comparison
vs. Passwords
| | Passwords | Dripelo |
|---|---|---|
| What you store | A secret to recall | A passkey on your device |
| Can be phished | Yes | No |
| If leaked | Account at risk | Nothing to leak |
| Recovery | Reset email/SMS | Passkey sync or backup recovery |
vs. Traditional Brokers
| | Traditional broker | Dripelo |
|---|---|---|
| Sign-in | Password | Passkey |
| Phishing-resistant | Rarely | Yes |
| Your approval needed | Not always | Always |
Is the code open-source?
Partially yes, and we'll strive to be fully open-source in the future.