Security Policy

All data transmitted between your browser and Create servers is encrypted using TLS 1.3. Project data, smart contract source code, and deployment credentials are encrypted at rest using AES-256.

We follow the principle of least privilege across all our infrastructure. Access to production systems requires multi-factor authentication and is logged for audit purposes.

Every smart contract generated through Create undergoes automated security analysis before deployment. Our AI-powered audit system checks for common vulnerabilities including reentrancy attacks, integer overflow, and access control issues.

Contracts are built on top of audited OpenZeppelin libraries where applicable, ensuring battle-tested foundations for your token and protocol logic.

Deployment keys and wallet credentials are never stored in plain text. Private keys used for contract deployment are managed through secure key management services and are never exposed to Create staff.

All mainnet deployments require explicit user confirmation. Testnet deployments use dedicated faucet-funded wallets with no access to real funds.

If you discover a security vulnerability in Create, please report it responsibly by emailing security@create.ai. We aim to acknowledge reports within 24 hours and provide a resolution timeline within 72 hours.

We appreciate responsible disclosure and will not take legal action against researchers who act in good faith.