1. Introduction and Scope
This Privacy Policy (this “Policy”) describes how information is collected, used, disclosed, retained, and protected in connection with Safrochain Multisig (the “Application”), a self-hosted threshold multisignature coordination tool for Safrochain and compatible Cosmos SDK networks. The Application is designed as a non-custodial software product: private cryptographic keys remain exclusively within user-controlled wallet extensions and are never transmitted to, stored by, or recoverable through the Application.
This Policy applies to end users, multisig members, administrators, and operators who access or interact with any deployment of the Application, whether hosted by the Safrochain Foundation, a community operator, or a private organization (each, an “Operator”). The entity responsible for data processing in respect of a given deployment is the Operator of that instance, subject to the architectural constraints and product design described herein.
By connecting a wallet, authenticating via signed message, or otherwise using the Application, you acknowledge that you have read this Policy and understand its terms. If you do not agree, you must not use the Application.
2. Definitions
“Application” means the Safrochain Multisig web application, associated server components, APIs, realtime channels, and documentation made available for threshold multisignature coordination on Safrochain.
“Authentication Data” means wallet addresses, public keys, session tokens, session identifiers, authentication timestamps, and cryptographic signatures produced during wallet-based sign-in (including ADR-036 or functionally equivalent schemes).
“Collaboration Data” means off-chain operational information stored to enable team workflows, including multisig account names and descriptions, member nicknames, role assignments, transaction drafts, titles, memos, partial signatures, simulation results, audit events, and related metadata.
“On-Chain Data” means information retrieved from public blockchain sources, including account balances, transaction history, sequence numbers, account numbers, and publicly broadcast transaction contents.
“Operator” means the person or entity that deploys, hosts, configures, and administers a particular instance of the Application.
“Personal Data” means any information relating to an identified or identifiable natural person, to the extent such concept applies under applicable privacy and data protection laws.
“User” means any individual or entity accessing or using the Application. References to “you” mean the User.
3. Categories of Information Processed
3.1. Authentication and Identity Data
When you connect a supported wallet (such as Keplr, Leap, or Cosmostation), the Application processes your wallet address and public key as returned by your wallet extension. Authentication is completed through a signed message; the Application verifies the signature and establishes a session. Session credentials are issued via HttpOnly cookies and associated server-side records. Session identifiers are stored in hashed form where configured.
3.2. Collaboration and Operational Data
To support multisig workflows, the Application stores Collaboration Data necessary for drafting, reviewing, signing, simulating, and executing transactions among authorized members. This may include human-readable labels you or your organization supply, as well as technical artifacts required for signature aggregation and broadcast preparation.
3.3. On-Chain and Public Ledger Data
The Application queries Safrochain RPC and REST endpoints (and related infrastructure configured by the Operator) to display balances, token metadata, account sequence state, simulation outcomes, and transaction status. On-Chain Data is inherently public on the blockchain and is not controlled by the Application Operator once broadcast.
3.4. Technical and Security Logs
Operators may configure server logging, rate limiting, intrusion detection, backup systems, and error monitoring. Such systems may process IP addresses, user agent strings, request timestamps, API paths, error traces, and security events. The scope and retention of such logs depend on Operator configuration and hosting environment.
3.5. Information We Do Not Collect
- Seed phrases, private keys, mnemonics, or wallet passwords;
- Custodial credentials or recovery secrets of any kind;
- Government-issued identification, unless separately requested by an Operator under independent KYC or compliance programs outside the core Application;
- Payment card or traditional banking information through the Application itself;
- Advertising profiles, behavioral ad tracking, or sale of Personal Data to data brokers.
4. Purposes and Legal Bases of Processing
Information is processed for the following purposes, depending on applicable law and Operator role:
- Service delivery: to authenticate users, enforce member-only access, display multisig accounts, coordinate partial signatures, simulate transactions, and facilitate broadcast when quorum requirements are met;
- Security and integrity: to verify SignDoc binding, detect anomalous sessions, apply transport hardening, classify outbound transfers, maintain audit trails, and protect against unauthorized access;
- Administration: to manage roles, permissions, multisig membership metadata, and organizational settings configured by authorized managers;
- Compliance: to respond to lawful requests, enforce terms of use, and satisfy legal obligations where applicable;
- Improvement: to diagnose defects, improve reliability, and develop features, using aggregated or de-identified information where feasible.
Where GDPR or similar regimes apply, processing may rely on contract performance, legitimate interests in operating secure financial coordination software, compliance with legal obligations, and, where required, consent. Operators are responsible for determining appropriate legal bases for their deployments.
5. Cookies and Similar Technologies
5.1. The Application uses strictly necessary session cookies to maintain authenticated state after wallet sign-in. These cookies are essential to operation and, in standard configurations, cannot be disabled without preventing login.
5.2. The Application does not deploy third-party advertising cookies or cross-site tracking pixels as part of its core design. Operators who embed analytics or monitoring tools are responsible for disclosing and configuring those tools in compliance with applicable law.
5.3. In production environments, Operators should enforce HTTPS, HSTS where appropriate, secure cookie attributes (Secure, HttpOnly, SameSite), and fail-closed authentication configuration.
6. Disclosure and Sharing
The Application does not sell Personal Data. Information may be disclosed only in the following circumstances:
- Among authorized multisig members within the same instance, consistent with role-based access controls;
- To infrastructure providers engaged by the Operator (hosting, RPC providers, backup services), subject to contractual confidentiality and security obligations;
- To wallet extensions when you initiate connection, signing, or chain suggestion flows in your browser;
- To the public blockchain when transactions are broadcast, as On-Chain Data becomes permanently visible on the ledger;
- For legal reasons when disclosure is required by law, regulation, court order, or governmental request, or to protect rights, safety, and integrity of users and systems;
- In corporate transactions involving an Operator, subject to applicable notice requirements.
7. International Transfers
Operators may host instances in any jurisdiction. If you access the Application from outside the hosting region, your information may be transferred to and processed in countries with different data protection standards. Operators deploying in regulated environments should implement appropriate safeguards, such as standard contractual clauses or equivalent mechanisms, where required by law.
8. Retention
Retention periods depend on Operator policy, multisig operational needs, and legal requirements. Indicative practices include:
- Session data: until logout, expiry, or invalidation;
- Collaboration Data: for the life of the multisig account and in line with the organizational retention schedule configured by the Operator;
- Security logs: as determined by the Operator, often between thirty (30) and three hundred sixty-five (365) days unless longer retention is required for incident investigation or legal hold;
- On-Chain Data: immutable and permanent on the blockchain regardless of Application retention settings.
Operators should define and publish instance-specific retention schedules where required by applicable law.
9. Security Measures
The Application incorporates security-by-design principles, including wallet-native authentication, SignDoc verification before signature storage, outflow classification for external sends, hashed session tokens, role-based access control, encrypted backups where configured, and transport hardening. No system is completely secure. Users must protect their devices, wallet extensions, and organizational access policies.
You are responsible for maintaining the confidentiality of your wallet and device. Compromise of a signer endpoint may permit unauthorized signatures or access within the permissions granted to that address.
10. Your Rights and Choices
Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, object to, or port Personal Data, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority.
- Disconnect your wallet and terminate your session at any time;
- Request correction of inaccurate Collaboration Data through your multisig manager or Operator;
- Cease participation in a multisig through organizational governance and by refraining from further signatures;
- Contact the Operator of your instance to exercise statutory privacy rights.
Because blockchain addresses may constitute pseudonymous identifiers, erasure of On-Chain Data is generally technically infeasible once transactions are confirmed. Off-chain Collaboration Data may be deleted or anonymized subject to Operator capability and legal obligations.
11. Children
The Application is not directed to individuals under the age of eighteen (18), or the age of majority in their jurisdiction if higher. We do not knowingly collect Personal Data from children. If you believe a child has provided information through an instance, contact the relevant Operator.
12. Third-Party Services
The Application integrates with third-party wallet extensions and may rely on public RPC providers, indexers, and token metadata sources. Those services are governed by their own privacy policies. Operators are responsible for selecting trustworthy infrastructure providers.
13. Changes to This Policy
We may revise this Policy from time to time. Material changes will be indicated by updating the “Last revised” date above. Continued use after changes become effective constitutes acceptance of the revised Policy, except where prohibited by law. Operators may publish additional notices for regulated deployments.
14. Contact
Privacy inquiries should be directed to the Operator of the instance you use. For Foundation-operated or community instances, use the contact channels published on the official Safrochain website or reach out to your organization's designated compliance contact.