Legal

Regulation

Is Dfns the custodian of private keys?

No, Dfns cannot be considered a custodian in either a technical or regulatory sense. Dfns functions as a technology service provider, offering a modular key management solution to both custodians and non-custodial applications. Businesses using Dfns can either take on custodial roles or delegate custodial responsibilities to end-users. The ability to sign and move assets is the defining factor of custodianship. Through advanced cryptography and technology, Dfns has developed a neutral, resilient, and tamper-proof key management and signing engine. This KMS follows the API controller's instructions, placing custodianship in the hands of those authorized to sign via the API. Dfns not only ensures the authenticity of end-users accessing our APIs but also guarantees the secure creation, storage, management, and utilization of private key shares among a network of independent, distributed, secure, and incentivized key hosting partners.

However, the concept of custodianship for digital assets is not universally understood across all regulations and industries. As many jurisdictions lack clear regulatory guidance concerning digital assets and custodianship, it is advisable to seek legal advice if you have concerns about your rights and obligations in your operating country.

Dfns is dedicated to ensuring adequacy and strives to ensure the usability of its solutions without encountering regulatory obstacles. To achieve this, Dfns has procured two legal assessments from prominent regulatory law firms in France, namely Kramer Levin and Arao Avocats. Additionally, a comprehensive evaluation covering all US states has been obtained from Kenwick.

Sales Team
If you're interested in accessing these resources, reach out to sales@dfns.co

Does Dfns' delegated signing ensure my app is non-custodial?

Yes, based on our thorough understanding and assessment, supported by authoritative legal evaluations from prominent regulatory law firms in both the EU and the US, we can affirm that Dfns provides a version of its Key Management Service (KMS) that, when implemented effectively, grants end-users complete cryptographic authority over asset movements within wallets. This feature makes the intermediary app a straightforward pass-through service only. 

Could there be vulnerabilities? Yes. Is the possibility of breaches present? Yes. Could unforeseen behaviors arise? Yes. However, these aspects primarily pertain to technical, security, and procedural matters, which do not determine the custodial classification of an application or business. 

Legal Team
For more inquiries, please reach out to legal@dfns.co

Where is Dfns headquartered?

Dfns is incorporated in Paris, France. Dfns SAS serves as the main entity, while Dfns US Inc, a wholly owned subsidiary, is incorporated in Delaware, US. Additionally, two other wholly owned subsidiaries are incorporated within the EU.

Dfns Headquarters

Under which regulations is Dfns governed?

We fully comply with the legal requirements in the areas where we conduct our operations. However, certain aspects fall under the jurisdiction of French law.

For more information, contact legal@dfns.co

Does Dfns support KYT and AML screening?

We collaborate with leading vendors such as Chainalysis and Elliptic for KYT/AML processes.

Who manages and verifies the list of wallet addresses?

Wallet addresses are managed and verified by Dfns’s clients.

Does Dfns possess any licenses for banking, financial, or payment services?

No, Dfns does not hold any such licenses.

Is Dfns subject to regulatory supervision?

No, the company is not under the supervision of any national regulator or authority.

How does Dfns address compliance, AML/CFT, risk management, and internal audit?

As a technology provider, Dfns’s clients are responsible for implementing AML/CTF processes.

Does Dfns plan to become a qualified custodian in the future?

No, we have no plans for that today.

Risk

Is there a possibility of encountering legal risks with Dfns?

Yes, there is always an inherent legal risk associated with any vendor contract. Hence, it is important to examine our Master Cloud Agreement and consider legal counsel before opting for Dfns services. That said, Dfns takes pride in our unblemished record, having remained lawsuit-free among clients for over 3 years. The satisfaction of our clientele is a testament to our robust client support and product excellence.

To get our MCA, please contact sales@dfns.co

Are there any external claims to Dfns’s code's legal rights?

No, besides Dfns, no external entity asserts legal rights to the code.

Has Dfns or its beneficial owners been involved in investigations or negative news?

No, there have been no investigations or negative news involving Dfns or its beneficial owners.

Intellectual Property

What is the licensing status of the code?

Dfns’s code is a blend of open-source and proprietary components. You can find our open-source libraries on our GitHub. 

What are the license terms for Dfns?

Dfns follows a SaaS model for distribution, granting clients access to services. Third-party open-source software integrated into Dfns is governed by relevant open-source licenses when used independently.

Privacy

Does Dfns retain Personally Identifiable Information (PII)?

Only for legitimate communicated business purposes and with consent. Our system stores a limited set of PII, including email addresses, company names, and user-specified object names. Additionally, your key material is distributed across multiple key hosting clusters to prevent centralized storage. Daily backups are performed for all databases and key material. All data is encrypted both at rest and in transit within our system.