Safety & Security

How Momo protects your data, what it can and cannot do, and why execution is always human-controlled.

Data Security

• Encryption at rest - all user data stored with AES-256-GCM encryption
• SSL/TLS everywhere - all subdomains served over HTTPS with valid certificates
• JWT authentication - 7-day token expiry, bcrypt password hashing
• Telegram auth - HMAC-validated initData for all Mini App sessions
• Rate limiting - brute force protection on all auth and API endpoints
• Per-user isolation - no cross-user data access is architecturally possible

What Momo Will Never Do

• Execute a blockchain transaction without your explicit confirmation
• Share your data with other users or third parties
• Store or request your wallet private keys
• Trade on your behalf without your approval

Execution Model

The current execution model is Mode B - Assisted:

1. You select a pool or action
2. Momo generates the full transaction plan (steps, amounts, gas estimates)
3. You review the plan
4. You approve and sign via your own wallet - nothing happens until then

Disclaimers

Wallet Scoring

RAWR scores and copy quality labels are analytical tools, not financial advice. Past wallet performance does not guarantee future results. Always do your own research before copying any trader or entering any position.

Yield Opportunities

Yield scores reflect current on-chain data and historical APY stability. They do not account for smart contract risk, protocol exploits, or sudden liquidity changes. DeFi is inherently risky - never deposit more than you can afford to lose.

Privacy

• Wallet addresses you score are queried on demand - not stored permanently
• Your conversations are stored encrypted and are private to your account
• Momo does not use your conversations to train AI models
• You can request data deletion at any time via support