Security & Custody Model

Custody Boundaries

All assets associated with wallets created or connected through Lumexo remain under direct user custody. Lumexo does not hold funds, control accounts, or act on behalf of users in any execution capacity.

Custody is enforced by design: transactions are cryptographically signed locally by users on their own devices and submitted directly to the Stellar network, without passing through Lumexo-operated infrastructure.

Keys Control

Private keys are owned and controlled exclusively by users. Keys may be managed locally within user-controlled environments or delegated to external wallet providers selected by the user.

Signing authority always resides with the user. Lumexo cannot generate signatures, initiate transactions, or modify transaction payloads without direct user approval.

User Authorization Model

All transaction execution is initiated through explicit user action. Transaction intent and parameters are presented for review prior to signing, ensuring that authorization is deliberate and informed.

There are no background transactions, automated executions, or implicit approvals within the system. Each transaction requires an explicit signing event.

Backend Trust Assumptions

Lumexo backend services are limited to data aggregation, indexing, and performance optimization. They do not participate in custody, key management, or transaction authorization.

All asset control and transaction settlement remain governed by the underlying network and user-controlled signing processes.

External Wallets and dApps

When external wallets or third-party applications are used, Lumexo functions as a coordination and presentation layer rather than an execution intermediary. Transaction requests originate externally and are authorized directly by the user through compatible signing layers.

Lumexo does not alter protocol logic, enforce execution rules, or mediate on-chain behavior. Risk exposure remains constrained to the scope of user-authorized actions.

Security Scope

This section defines custody and authorization boundaries at a system level. Detailed cryptographic mechanisms, implementation specifics, and threat considerations are documented separately in the technical documentation.