Transparency
Security
How NHBC protects wallet-based membership and governance integrity, and how to report a concern.
Membership
On-chain membership
Membership is represented by Unlock Protocol keys on Base mainnet. The application checks each member's wallet against NHBC's configured Unlock locks server-side and only grants member access when an active, unexpired key is present.
Authentication
Wallet sessions
NHBC uses Privy for wallet-based authentication. A logged-in wallet is not automatically a member — every member or board route re-checks membership and role against the on-chain key and the admitted members record.
Integrity
Hash-chained audit log
Governance and membership state changes are written to an append-only audit_events table. Each row links to the previous via a hash over a canonical payload, making deletions or edits detectable. The member governance hub surfaces the trail.
Responsible disclosure
Report a security concern
If you believe you have found a vulnerability, email bot@nhbc.io with a clear description, reproduction steps, impact, and any affected URLs. Do not include private keys or unrelated personal data.