Security model
Glidepay is a server-custodial wallet: Circle holds the signing capability, glidepay coordinates user intent, and you authenticate via email. Here's exactly what that means and what the trust boundaries are.
Who holds the keys
Circle's Developer-Controlled Wallets infrastructure holds them. The signing material is sealed inside Circle's entity secret and their HSM setup. Glidepay never sees private keys; we send signing requests over Circle's API.
This is the same custody model used by any wallet app that doesn't make you write down a seed phrase. The trade-off vs self-custody is well-known: easier UX for normal users, slightly more trust required.
What we store about you
- Your email (from Clerk)
- Optional display name, avatar, pay tag
- Your Circle wallet IDs (Arc + each receive chain)
- Transaction history we've recorded (off-chain mirror of on-chain events)
- Saved contacts, payment requests, scheduled transfers
- Push notification subscription (if enabled)
- Recent Billy chat history (last ~80 messages)
Full detail: see the in-app Privacy Policy.
What we don't store
- Private keys, seed phrases, signing credentials. Circle's domain, not ours.
- Marketing trackers, behavioural analytics, device fingerprints
- Card / bank details. There's no fiat onramp.
On-chain data
Everything you do on Arc is public: wallet address, transaction hashes, amounts. Anyone with a block explorer can see them. This is true of every wallet on every public blockchain.
Account deletion
Profile → Delete account hard-deletes your glidepay profile, all related rows, and your Clerk account. On-chain balances stay on Arc. They aren't ours to delete. Withdraw them first if you want them.
Idempotency & double-spend protection
Every send through /api/send checks for a duplicate (same recipient, amount, token, last 10s) and short-circuits if one exists. Money-out chat intents require an explicit confirmation tap. Webhook retries from Circle can't trigger duplicate Universal Receive sweeps. The claim is atomically locked by a DB unique constraint.
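One way the two guards above could be built, as an added example that is not glidepay's own code: a 10-second duplicate lookup done under a write lock, and a sweep claim that relies on a unique constraint rather than a read-then-write check. SQLite stands in for the database; the table, column and function names, the inclusion of the sender in the duplicate key, and the use of a deposit ID as the claim key are all assumptions.

```python
import sqlite3

DEDUP_WINDOW_S = 10  # the "last 10s" window from the text above

def open_db():
    # isolation_level=None: autocommit, so transactions below are explicit.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript("""
        CREATE TABLE sends (
            id INTEGER PRIMARY KEY, sender TEXT, recipient TEXT,
            amount TEXT, token TEXT, created_at REAL);
        CREATE TABLE sweep_claims (deposit_id TEXT PRIMARY KEY);
    """)
    return conn

def submit_send(conn, sender, recipient, amount, token, now):
    """Return (status, send_id); status is 'created' or 'duplicate'."""
    # BEGIN IMMEDIATE takes the write lock before the lookup, so two
    # concurrent requests cannot both pass the check and then both insert.
    conn.execute("BEGIN IMMEDIATE")
    try:
        row = conn.execute(
            "SELECT id FROM sends WHERE sender=? AND recipient=? AND amount=?"
            " AND token=? AND created_at > ? ORDER BY id DESC LIMIT 1",
            (sender, recipient, amount, token, now - DEDUP_WINDOW_S)).fetchone()
        if row:
            conn.execute("COMMIT")
            return "duplicate", row[0]  # short-circuit: no second transfer
        cur = conn.execute(
            "INSERT INTO sends (sender, recipient, amount, token, created_at)"
            " VALUES (?,?,?,?,?)", (sender, recipient, amount, token, now))
        conn.execute("COMMIT")
        return "created", cur.lastrowid
    except Exception:
        conn.execute("ROLLBACK")
        raise

def claim_sweep(conn, deposit_id):
    """True only for the first delivery of a deposit; retries get False."""
    try:
        conn.execute("INSERT INTO sweep_claims (deposit_id) VALUES (?)",
                     (deposit_id,))
        return True
    except sqlite3.IntegrityError:  # unique constraint: already claimed
        return False
```

The claim works because the insert itself is the lock: a webhook handler that first selects and then inserts could still run the sweep twice when two retries arrive together.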
Disclosure
Found a security issue? Email security@glidepay.cash before disclosing publicly. We'll respond within 48 hours and coordinate a fix.