# 🛡️ Security and Compliance

**Overview**\
Defense-in-depth across the stack: encryption in transit/at rest (AES-256 + ECC), hardware-backed signing, simulation & slippage guards, path failover, post-trade reconciliation, and continuous monitoring.

**Compliance & Privacy**\
Privacy by default; KYC/AML only where legally required. GDPR-aligned data minimization; user-controlled export/delete; region-aware feature gating for sensitive functionality.

**Encryption**\
Key material protected via secure enclaves/secure elements; modern TLS with AEAD; authenticated storage for sensitive metadata; device binding for high-risk actions.

**MPC Modelling**\
Optional MPC recovery eliminates single-seed exposure; threshold signatures maintain non-custodial control and enable policy-based recovery.

**Optimization**\
Routing and execution engines re-price routes in real time; MEV-aware protections, slippage caps, and failover improve reliability and cost predictability.