Infrastructure controls

We host 1151 exclusively on AWS services located in the European Union. All customer data stays within EU regions, which helps customers meet data residency and sovereignty requirements.

Data separation and storage

We strictly separate operational data into two categories:
  • Wallet keys: Signing secrets used to authorize blockchain transactions.
  • Objects metadata: Everything else (wallet attributes, transaction metadata, and operational context).
Metadata remains in a dedicated database cluster that is replicated and backed up on a rolling schedule to prevent loss and enable rapid recovery.

Shared security responsibilities

1151 is responsible for maintaining the security and confidentiality of all data stored within our managed systems. Customers retain control over the API keys and other secrets they create, including rotation policies and access controls within their own environments.

API key handling

API keys never persist in plaintext on our platform. We only store salted hashes of customer-issued keys so that we can validate requests while preventing recovery of the original secret even in the event of a compromise.

Wallet key encryption

Wallet keys are never stored alongside metadata. Each key is isolated and encrypted through three sequential cryptographic rounds:
  1. We encrypt the key with the authoritative 1151 platform private key.
  2. We combine that result with a user-specific key that is split into multiple independent parts.
  3. Every key fragment is stored separately, and each fragment is encrypted with a different key drawn from a pool of more than 1,000 managed encryption keys.