Security Model

How Heliox approaches asset protection and product integrity

Heliox's security model is built around three ideas: user-controlled vaults, governed upgrades, and separation between product controls and Safe-native recovery. Public docs keep these guarantees directional and high-level.

The Three Pillars

User-Controlled Vaults

Strategy balances live inside user-controlled Safe vaults rather than a Heliox custody wallet.

Governed Changes

Sensitive execution changes go through governed controls rather than silent replacement.

Separate Recovery

Safe-native ownership and recovery remain distinct from the Heliox product interface.

What Governance Can Do

Governance can still change configuration, pause product paths, and manage automation access. Safe-native ownership and recovery remain distinct from those product controls.

What Public Docs Do Not Promise

That the Heliox app is the only possible recovery path for vault assets.
That every engineering control is already exposed in the current product UI.
That a public docs page is a complete operator runbook.
User Self-DefenseUsers retain Safe-native recovery outside the Heliox app. If Heliox is paused, unavailable, or changing, vault owners should treat Safe itself as the canonical control plane for asset recovery.