# Security and Custody

ClickOptions follows institutional-grade security practices to ensure client funds, Vault capital, and protocol operations remain safe under all conditions.

#### **Asset Segregation**

* **Client funds** are fully **segregated and held with BitGo**, a regulated third-party digital asset custodian.
* **Vault capital** is isolated in smart contracts and custodial accounts, separate from ClickOptions’ operational treasury.
* Segregation ensures that client withdrawals and option settlements remain unaffected by ClickOptions’ finances.

#### **Custody & MPC/HSM**

* BitGo provides **institutional-grade custody**, with wallets secured via **MPC (Multi-Party Computation)** and **HSM (Hardware Security Module)** technology.
* Private keys are never concentrated in one location; signing requires threshold approvals.
* MPC wallets are used for hot/warm environments, while cold storage remains fully HSM-backed.
* Withdrawal approvals are subject to BitGo’s **multi-sig and compliance framework**.

#### **Key Ceremonies**

* Formal **key generation ceremonies** are conducted by BitGo for custodial keys, following regulated standards.
* Vault smart contracts follow a separate key ceremony process for contract deployment, overseen by ClickOptions and independent auditors.
* Keys are rotated periodically and following any security event.

#### **Penetration Testing & Audits**

* BitGo custody is independently **audited and SOC 2 Type II certified**.
* ClickOptions commissions regular **penetration tests** on its trading infrastructure.
* **Smart contract audits** are mandatory for all on-chain modules (Vault, Regen Pool, DAO governance).
* A **bug bounty program** incentivizes responsible vulnerability disclosure.

#### **Secure Development Lifecycle (SDLC)**

* Development follows a **secure software lifecycle** with:
  * Peer code reviews.
  * Automated security scans.
  * Continuous integration pipelines with inline security checks.
  * Role-based access for production deployments.
* **Threat modeling** is applied for every new feature.


