Security

Money apps live or die by how they handle security. Here's our approach in plain English.

Where your money sits

Fluid balances are denominated in AUDD — an Australian-dollar stablecoin issued by AUDC Pty Ltd. AUDC is regulated under an Australian Financial Services Licence (AFSL) granted by ASIC, registered with AUSTRAC, and a member of AFCA (the Australian Financial Complaints Authority).

AUDD is fully backed 1:1 by Australian dollar reserves held in a segregated account at a major Australian bank. Reserves are subject to independent attestation. Fluid does not hold customer funds — AUDC does, under regulated conditions.

Custody

Fluid is non-custodial. Your wallet keys are generated and stored on your device, encrypted with secure enclave hardware where available (iOS Secure Enclave, Android StrongBox). We never see your private keys, can't move your funds without your signature, and can't freeze your account.

If you lose your device, you can recover access using a recovery phrase you set up at first install. We strongly recommend writing this down and storing it somewhere safe — it is the only way to restore your wallet.

On-chain transparency

Every Fluid payment settles on Solana mainnet — a public blockchain. That means every transaction is permanent, timestamped, and independently verifiable on block explorers like Solscan and Solana.fm. You don't have to trust us — you can audit the chain.

AML & identity

Where required by Australian law, AUDC performs identity verification (KYC) before issuing or redeeming AUDD against fiat. Fluid integrates with AUDC's onboarding so this happens once, at the start, not every transaction. We follow AUSTRAC's anti-money-laundering and counter-terrorism-financing requirements.

Code & audits

Fluid's smart contracts will be audited by an independent firm before mainnet launch. Audit reports will be published here. The underlying Solana protocol has been operating mainnet since 2020 and is the subject of extensive ongoing security review by the Solana Foundation and the broader research community.

Reporting an issue

Found a security issue? Email security@fluid.au with details. We aim to respond within 48 hours and will credit responsible disclosures publicly (if you'd like). Do not post unpatched issues publicly — give us a chance to fix first.

Phishing

Fluid will only ever email you from @fluid.au domains. We will never ask you for your recovery phrase, password, or private keys — by email, SMS, phone, or in-app. If anyone asks, it's a scam. Forward suspicious messages to security@fluid.au.