Account Security

How your account is protected — and what you are responsible for

Hilo is designed to be decentralized and non-custodial. This means we do not hold your passwords, private keys, or login credentials.

Your account security is fully under your control.

How Hilo Accounts Work

Hilo uses Privy, a third-party authentication provider, to create accounts with zero friction.

You can sign in using:

• Google

• X (Twitter)

• Telegram

• Your crypto wallet

You simply choose your preferred method and log in.

Hilo never sees, stores, or controls:

• Your passwords

• Your private keys

• Your login credentials

• Your recovery methods

Important: Your Responsibility

Because Hilo does not custody your credentials:

• You are fully responsible for securing your login method

• Anyone who can access your Google, X, Telegram, or wallet can access your Hilo account

• If your login method is compromised, your Hilo account is also compromised

This is what makes Hilo more decentralized — we cannot control who accesses your account, and we do not want to.

What Hilo Does NOT Store

To be 100% clear:

We do NOT store:

• Passwords

• Private keys

• Recovery phrases

• Wallet seed phrases

• Social login credentials

We cannot see them. We cannot reset them. We cannot recover them.

How to Secure Your Login Methods

Since your Hilo account depends on your login provider, it’s important to secure them properly.

Securing a Crypto Wallet

If you use a crypto wallet to log in:

• Never share your private key or seed phrase

• Store your recovery phrase offline

• Use a hardware wallet if possible

• Do not connect your wallet to unknown websites

• Beware of phishing links

• Use wallet password protection

Anyone with your private keys can access your Hilo account.

Securing Google, X, Telegram, and Email

If you use social or email-based login:

• Enable 2-factor authentication (2FA)

• Use a strong, unique password

• Do not reuse passwords across platforms

• Avoid clicking unknown links

• Watch out for fake login pages

• Secure your email account first (it controls resets)

If someone gains access to these, they can also access your Hilo account.

What to Do If Your Account Is Compromised

If you believe your account has been accessed by someone else:

1. Secure your login provider immediately (Google, X, Telegram, or wallet)

2. Change your passwords or revoke sessions

3. Contact the provider’s support team

4. Then contact Hilo support to inform us

Because we do not hold your credentials, you must contact the login provider first.

Why Hilo Is Built This Way

This design makes Hilo more:

• Decentralized

• Trust-minimized

• Privacy-preserving

• Resistant to centralized breaches

We cannot see your credentials. We cannot misuse them. We cannot leak them.

And we don’t want to.

Final Notes

• Hilo is not responsible for compromised third-party accounts

• You control your access

• You control your security

• You control your recovery

If you need help or guidance, our support team is always available.