Access Management

Access Controls

Each CoKeeps component employs its own approach to data management and permission control for reading or modifying data. For the Client Administration and Wallet components, login attempts are verified using a One-Time Password (OTP) sent via email. A Time-based One-Time Password (TOTP), generated by an authenticator application of your choice, is required for any action that modifies information or initiates a transaction.

The Cold Wallet component additionally uses a passphrase and PIN mechanism to protect key generation. Access to this component is restricted to a single device per user.

Access to the Hot Wallet is mediated by the CoKeeps SDK (CKSDK), which manages cryptographic key pairs and signs all requests. This avoids reliance on static API keys, reducing the risk of credential exposure and mitigating spoofing. CKSDK supports both backend-driven workflows and user-bound operations, enabling flexible integration with your platform while maintaining strong security and per-user accountability. For further details, please refer to the Hot Wallet section.

Data privacy and protection

Throughout the registration process and ongoing operations within the CoKeeps platform, we prioritise the privacy and security of your information. CoKeeps does not store sensitive data such as PINs, secrets, passwords, or other personal information in our databases. We only require your email address to facilitate OTP authentication and transaction notifications, with all other data handled cryptographically to ensure confidentiality.

For Hot Wallet integration with your existing platform, which may require user-related data for tasks such as address identification or approval processes, CoKeeps maintains a strict policy of not storing or processing any Personally Identifiable Information (PII). Instead, we require the use of Universally Unique Identifiers (UUIDs) to represent user data. These anonymous identifiers are internally mapped within the CoKeeps system to preserve anonymity and privacy.

To uphold the integrity and authenticity of stored data, CoKeeps employs a Signature-Based Data Verification (SBDV) mechanism across its platforms. For each interaction with the Hot Wallet, the CoKeeps SDK (CKSDK) signs the request and its payload using the appropriate cryptographic key pair, and both the payload and signature are stored in the database. When the system subsequently reads or processes this data, it re-validates the signature to ensure the data has not been altered and that it was authorised by the correct user or service, providing strong integrity guarantees and clear accountability. In addition, CoKeeps is SOC 2, ISO 27001, and SOC 1 certified, demonstrating that our data management and security practices have been independently audited and meet recognised industry standards.
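The sign-on-write, verify-on-read pattern described above can be sketched as follows. This is an added example, not CoKeeps or CKSDK code: the choice of Ed25519, the JSON serialisation, and every type, function and signer name in it are assumptions, and the UUID is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Hypothetical shapes, not CoKeeps' schema; Record keeps the exact signed bytes.
type Request struct{ UserUUID, Action, Amount string }
type Record struct {
	Payload, Sig []byte
	Signer       string
}
type Registry map[string]ed25519.PublicKey

// NewKey returns a fresh Ed25519 pair; a nil reader selects crypto/rand.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil)
}

// Sign serialises the request once and signs exactly those bytes.
func Sign(priv ed25519.PrivateKey, signer string, r Request) Record {
	payload, _ := json.Marshal(r) // cannot fail for a struct of strings
	return Record{payload, ed25519.Sign(priv, payload), signer}
}

// Verify runs on every read; fields are parsed only after the signature checks out.
func Verify(reg Registry, rec Record) (Request, error) {
	var r Request
	pub, ok := reg[rec.Signer]
	if !ok || !ed25519.Verify(pub, rec.Payload, rec.Sig) {
		return r, fmt.Errorf("record from %q rejected: unknown signer or bad signature", rec.Signer)
	}
	return r, json.Unmarshal(rec.Payload, &r)
}

func main() {
	pub, priv, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample request; the UUID is made up.
	rec := Sign(priv, "svc-backend", Request{"7d9f0c1e-2b4a-4c6d-8e1f-3a5b7c9d0e2f", "withdraw", "1.5"})
	rec.Payload = bytes.Replace(rec.Payload, []byte("1.5"), []byte("9.5"), 1) // simulated direct DB edit
	_, err = Verify(Registry{"svc-backend": pub}, rec)
	fmt.Println("read after tampering:", err)
}
```

Storing the signed bytes verbatim, rather than re-serialising the parsed fields at read time, keeps verification independent of encoder differences, and looking the key up by the recorded signer is what ties a row to one accountable user or service.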

Organisation

Roles & Permissions

Authoriser: An individual responsible for managing organisational information and configuring users, policies, contacts, smart contracts, and the Hot Wallet. Each Authoriser can be assigned to a specific scope. For example, roles can be segregated into several distinct scopes: one Authoriser may manage users and roles, another may oversee smart contract and Hot Wallet configurations, while a third may be responsible for managing contacts and policies.

Payer: An optional designated individual who oversees subscription and payment processes. This role does not have access to any other views or actions.

Signer: A designated entity responsible for wallet account creation, executing transactions, and signing messages. This entity can be either a human user managing the process manually or a machine assigned to perform automated tasks invoked from the Hot Wallet. The Authoriser defines the networks, tokens, and operational scope within which a Signer can act.

Hot Wallet Users: These users are registered through the Hot Wallet API and are typically your end users rather than CoKeeps Cold Wallet users. Hot Wallet users are divided into two roles:

  • user: Your standard end user, whose capabilities are intentionally restricted - primarily to creating deposit addresses and initiating withdrawals, subject to the limits and policies defined by your platform.

  • admin: Your operational or platform administrators, who can perform all actions available to a standard user, along with additional administrative capabilities (such as reviewing, approving, or managing Hot Wallet–related operations, depending on your integration and policy design).

Across all CoKeeps roles, we strongly recommend assigning different individuals to different roles wherever possible to avoid concentrating excessive privileges in a single account. Separating duties supports proper governance, introduces maker-checker controls, and reduces the risk associated with compromised or misused credentials.

Contacts

A contact represents the address or public key of a native or token account and can be designated either as a destination or as a signer. A destination indicates that the address is eligible to receive outgoing transactions. A signer is a designated address that can participate in the creation of a multi-signature account.

These controls are designed to support organisational governance, ensuring that no single individual, such as a signer, can unilaterally send transactions or add other signers to a multi-signature account without appropriate oversight.

Policies

All multi-signature accounts can be governed by configurable policies - sets of restrictions tailored to your specific use cases. Policies can define who is allowed to initiate transactions, impose transaction limits, enforce strict destination whitelists, and more, ensuring that every action aligns with your organisation's governance and risk controls.

Every customer deployment is single-tenant, meaning we do not share environments, networks, or databases across customers. As a result, partially signed transactions require a dedicated mechanism for sharing information - an off-chain control layer that manages the process flow of multi-signature transactions.

Our policy framework is designed to be platform-agnostic: encrypted policy data is stored in the InterPlanetary File System (IPFS) and can be accessed by third-party platforms to perform the final signing steps.

NOTE

Every multi-signature account held under CoKeeps custody must have an associated policy that complies with the custodial requirement agreement.