# Security Aspects

Partner contracts are audited at deployment, but operational security (OPSEC) is what actually keeps your earnings safe day to day. If you own a partner contract and the private key controlling it is leaked, your accumulated revenue can be claimed and stolen the moment you generate it.

## 1. Purchase a Trezor or Ledger Hardware Wallet

* Buy hardware wallets only from certified resellers. Counterfeit or pre-tampered devices are a known supply-chain attack vector — never accept one from an unverified secondary market.

## 2. Back Up Your Seed Properly

* Engrave the seed on a metal plate. Paper degrades, burns, and waterlogs; metal does not.
* Consider a Shamir backup (split-seed scheme) so a single physical incident does not lose the keys. See the Trezor Shamir documentation for the implementation reference.
* Reasonable Shamir quorums for a partner are **2/3** for solo operations or **3/5** for a small team.
* Never store the seed digitally — no photos, no cloud notes, no password managers, no email drafts.
* Prepare your backup device offline, on a clean machine, with no networking.
* Use a PIN of at least **6 digits** for daily-use devices and at least **10 digits** for backup devices held in cold storage.

## 3. Use a Multisig Wallet

* For partner contracts that earn meaningful revenue, place ownership behind a multisig contract such as Safe (formerly Gnosis Safe).
* Ownership can be transferred from a single EOA to a multisig at any point, so you can start with a single key and move to a multisig later.
* A multisig protects against physical attacks: even if one signer is compromised or coerced, the attacker cannot move funds without meeting the quorum.
* A **2/3 quorum** is a reasonable default — high enough to defeat single-key compromise, low enough to keep operations workable.


