# Account Security **How your account is protected — and what you are responsible for** Hilo is designed to be decentralized and non-custodial.\ This means **we do not hold your passwords, private keys, or login credentials.** Your account security is fully under your control. *** ### How Hilo Accounts Work Hilo uses **Privy**, a third-party authentication provider, to create accounts with zero friction. You can sign in using: * Google * X (Twitter) * Telegram * Your crypto wallet You simply choose your preferred method and log in. Hilo never sees, stores, or controls: * Your passwords * Your private keys * Your login credentials * Your recovery methods *** ### Important: Your Responsibility Because Hilo does not custody your credentials: * You are fully responsible for securing your login method * Anyone who can access your Google, X, Telegram, or wallet can access your Hilo account * If your login method is compromised, your Hilo account is also compromised This is what makes Hilo more decentralized — **we cannot control who accesses your account, and we do not want to.** *** ### What Hilo Does NOT Store To be 100% clear: We do NOT store: * Passwords * Private keys * Recovery phrases * Wallet seed phrases * Social login credentials We cannot see them.\ We cannot reset them.\ We cannot recover them. *** ### How to Secure Your Login Methods Since your Hilo account depends on your login provider, it’s important to secure them properly. *** #### Securing a Crypto Wallet If you use a crypto wallet to log in: * Never share your private key or seed phrase * Store your recovery phrase offline * Use a hardware wallet if possible * Do not connect your wallet to unknown websites * Beware of phishing links * Use wallet password protection Anyone with your private keys can access your Hilo account. *** #### Securing Google, X, Telegram, and Email If you use social or email-based login: * Enable 2-factor authentication (2FA) * Use a strong, unique password * Do not reuse passwords across platforms * Avoid clicking unknown links * Watch out for fake login pages * Secure your email account first (it controls resets) If someone gains access to these, they can also access your Hilo account. *** ### What to Do If Your Account Is Compromised If you believe your account has been accessed by someone else: 1. Secure your login provider immediately (Google, X, Telegram, or wallet) 2. Change your passwords or revoke sessions 3. Contact the provider’s support team 4. Then contact Hilo support to inform us Because we do not hold your credentials, you must contact the login provider first. *** ### Why Hilo Is Built This Way This design makes Hilo more: * Decentralized * Trust-minimized * Privacy-preserving * Resistant to centralized breaches We cannot see your credentials.\ We cannot misuse them.\ We cannot leak them. And we don’t want to. *** ### Final Notes * Hilo is not responsible for compromised third-party accounts * You control your access * You control your security * You control your recovery If you need help or guidance, our support team is always available. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hilomarket.com/help/readme/account-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.