Security model
Trust is the product.
Here's how it's built.
A company that answers the phone when you're being scammed has to be harder to impersonate, harder to breach, and easier to verify than anything else in your life. That constraint shapes everything below.
Architecture
We can't lose what we never hold.
No custody, structurally
We hold no funds, no keys, no wallet access. There is no vault to breach — the most valuable thing we store about your crypto is a phone log.
Payments isolated to Stripe
Card details go from your browser to Stripe (PCI-DSS Level 1) and never touch our servers. We see subscription status, not numbers.
Identity handled by Clerk
Sign-in runs on dedicated identity infrastructure with passkeys and authenticator-app MFA — the same standard we teach members to demand everywhere.
Your account
The standard we sell is the standard we run.
Member accounts support passkeys — phishing-resistant by design — and authenticator-app codes. SMS codes, the weakest common factor, are not part of our sign-in. We prompt every member to enable strong factors during onboarding, and walk you through it on the call.
Data practices, briefly
- — We never collect seed phrases or exchange passwords. Never.
- — Verification records kept up to 3 years, then deleted or anonymized.
- — No selling data, no advertisers. Processors: Clerk, Stripe, Vercel.
- — Impostor patterns are shared across members in anonymized form only.
The standing rule
Daymark will never:
- 01
Call, text, or email you first — all contact starts with you
- 02
Ask for your seed phrase, private keys, or exchange passwords
- 03
Ask you to move funds, make a “test transaction,” or install remote-access software
- 04
Ask you to pay us in crypto or gift cards
- 05
Pressure you to act before you've verified — even with us
Any message that breaks one of these rules is not from us, no matter how convincing. Members: report it on the line. That rule is the product working.
Researchers
Found something? Tell us first.
We welcome good-faith security research. Email rkeen9044@gmail.com with “Security disclosure” in the subject — those messages are read before anything else. We won't pursue action against good-faith research that respects member data.