> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sproutfi.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Safety

> How Sprout protects your funds and account

## Account Security

### Authentication Methods

Sprout uses Privy for secure authentication, offering multiple login options:

#### Email Login

* Email-based authentication with secure verification
* Privy creates an embedded wallet for you
* No seed phrase management required
* Protected by your email security + optional 2FA

#### Social Login

* **Apple**: Sign in with Apple ID
* **Google**: Sign in with Google account
* Privy creates an embedded wallet
* Leverages existing account security

#### Wallet Connection

* Connect any Base-compatible wallet
* Full self-custody maintained
* You control your private keys
* All Base wallets supported via Privy adapter

### Two-Factor Authentication (2FA)

<Tip>
  Enable 2FA for additional account protection.
</Tip>

**How to Enable 2FA**:

1. Navigate to **Settings** → **Security**
2. Select **Enable 2FA**
3. Choose your method:
   * Authenticator app (Google Authenticator, Authy)
   * SMS (if available)
4. Follow setup instructions
5. Save backup codes in a secure location

**Why 2FA Matters**:

* Prevents unauthorized access even if password is compromised
* Required for high-value withdrawals (optional setting)
* Industry-standard security practice

## Fund Security

### Smart Contract Security

**Multi-Layer Protection**:

1. **Protocol Audits**: Only integrate protocols with multiple audits from reputable firms
2. **Code Review**: Internal security review before integration
3. **Gradual Rollout**: Start with small allocations, increase as confidence grows
4. **Bug Bounties**: Many protocols have active bug bounty programs

### Risk Management

**Diversification**:

* Never allocate >30% to any single protocol
* Spread across multiple chains
* Mix of protocol types (lending, LP, delta-neutral)

**Continuous Monitoring**:

* Real-time on-chain surveillance
* Automated risk alerts
* Daily liquidity checks
* Smart contract health monitoring

**Emergency Response**:

* Immediate rebalancing if risks detected
* Emergency withdrawal capabilities
* Communication plan for incidents
* Post-mortem analysis and improvements

### Insurance Options

**Current Status**: We're exploring insurance options.

**In Progress**:

* Discussions with DeFi insurance providers
* Researching best practices from traditional finance

**Updates**: Will be announced as plans are finalized.

## Best Practices for Users

### Protect Your Account

<CardGroup cols={2}>
  <Card title="Do" icon="check">
    * Enable 2FA immediately
    * Use a strong, unique password
    * Keep your email account secure
    * Verify you're on the official Sprout domain
    * Log out on shared devices
    * Review account activity regularly
  </Card>

  <Card title="Don't" icon="xmark">
    * Share your login credentials
    * Use the same password as other services
    * Click suspicious links claiming to be Sprout
    * Disable security features for convenience
    * Ignore security notifications
  </Card>
</CardGroup>

### Protect Your Funds

<CardGroup cols={2}>
  <Card title="Do" icon="check">
    * Start with small deposits to test the platform
    * Review all transaction details before approving
    * Monitor your balance regularly via transparency dashboard
    * Report suspicious activity immediately
  </Card>

  <Card title="Don't" icon="xmark">
    * Deposit funds you can't afford to lose
    * Ignore risk warnings
    * Approve transactions you don't understand
    * Share your screen during transactions
  </Card>
</CardGroup>
