Perpetual guard.Your rules, enforced.
A policy engine operating inside a Trusted Execution Environment — developed with Scytalex, the world leader in TEE policy engine development. Your governance rules, sealed in silicon and enforced every time.
A policy engine. Sealed in silicon.
SENTINEL is a policy engine operating inside a Trusted Execution Environment (TEE)— a hardware-isolated enclave where code and data are protected even from the operating system that hosts them. Developed with Scytalex, the world leader in TEE policy engine development, the Vaulnox SENTINEL is a set of governance rules that resides in a fully encrypted environment.
SENTINEL is the second layer of Vaulnox security. Asset Protection MPC protects the cryptography of your keys. SENTINEL protects the behaviorof your wallet — what transactions are allowed, by whom, under what conditions, and at what time. If a request or transaction would violate one of your governance rules, SENTINEL blocks the event before any signature is ever computed.
MPC protects the key. SENTINEL protects the rules. Together they form a complete asset protection framework.
Configured in private. Enforced in force.
When you first set up a vault with Vaulnox, your rules travel a dedicated encrypted path from your device into SENTINEL — and stay there.
AEGIS Interview
Your answers encrypted locally
You configure SENTINEL through a confidential interview with AEGIS. Every answer is encrypted on your device before it leaves.
Encrypted Tunnel
Straight into the TEE
Your answers travel a direct cryptographic channel into the Trusted Execution Environment. Vaulnox operators are not on the path.
SENTINEL on Guard
Every request, every event
SENTINEL compiles your rules inside the TEE and remains on perpetual guard — evaluating transactions, verifying permissions, validating life events.
A few of the levers SENTINEL can pull.
SENTINEL evaluates every transaction and life event against the rules you configured through AEGIS. A handful of the most common:
Transaction Limits
Caps on single transaction size, daily totals, weekly or monthly spend — per wallet, per asset, or across the vault. Larger amounts escalate to additional approvers.
Time-of-Day & Velocity
Business-hours windows, weekend holds, cooling-off periods between transactions, and velocity controls that slow rapid outflows to a deliberate pace.
Address Whitelists
Pre-approved counterparties, exchange deposit addresses, and known wallets. Unknown destinations require explicit review, co-signer approval, or a mandatory delay.
Multi-Party Approval
Co-signer requirements and threshold approvals — for example, any transaction over a set amount requires a supervisor, a CEO, or a designated protector to countersign.
Geofencing & Jurisdiction
Permitted countries or regions for transaction initiation. Attempts from anywhere else are blocked or escalated for human verification.
Asset Restrictions
Rules that differ by asset class — stricter thresholds for Bitcoin or Ethereum, different approvers for stablecoins, blocked categories entirely if you choose.
Inheritance & Dormancy
Triggers for verified death or disability, and dormancy timers that initiate heir transition if the account has not been accessed for a period you define.
Lockdown & Duress
Total lockdown on demand, protector-only mode for credible threats, and duress protocols that respond to coercion without tipping off the coercer.
Key Share Restoration
Conditions under which SENTINEL may validate a lost device event, confirm identity, and restore a key share — controlled entirely by policy, not by Vaulnox staff.
Wallet inheritance. Built into the cryptography.
Vaulnox is the first wallet service providerto offer a wallet inheritance feature built directly on a 2-of-3 Asset Protection MPC architecture. Under circumstances you define — death, disability, or simply failing to log in for a sustained period — SENTINEL initiates a verification process and transitions wallet ownership to the heir you designated.
No probate court. No seed phrase hidden in a safe deposit box whose existence dies with you. No exchange account that gets frozen when the platform receives a death certificate. The entire transition is carried out by SENTINEL inside the TEE, on rules you set years in advance, with heirs you named and never disclosed to Vaulnox.
Your wishes, compiled into cryptography, waiting patiently to execute.
Roles, limits, and approvals. Exactly as your business runs.
SENTINEL can be configured to require permissions from different parties depending on the amount and the asset involved. A business holding digital assets rarely needs one person with total access — and SENTINEL lets you model your real internal controls.
Clerk
Initiates and enters the transaction request.
Supervisor
Reviews and provides the first approval.
Colleague
Provides co-approval — no unilateral signatures.
CEO
Countersigns amounts over your escalation threshold.
Accountant
Read-only view of the completed transaction record.
Auditor
Independent verification of transaction occurrence.
Every role is cryptographically enforced. A clerk cannot sign alone. A supervisor cannot approve alone. The CEO cannot be bypassed on large amounts. SENTINEL doesn’t rely on an honor system — the rules are the system.
Protectors and lockdowns. No court can compel the key.
Vaulnox is the first service provider to offer the Vaulnox Virtual Asset Protection Trust™. Built on SENTINEL’s highly configurable permissions system, a wallet holder can designate one or more protectors to review transactions submitted by the client, and approve or deny those transactions.
If you sense a creditor threat or civil court action, you can place the wallet in a lockdown that prevents all transactions for a designated period. With SENTINEL guarding wallet assets, it is physically impossible for any creditor or civil court process to compel the transaction. Asset Protection MPC key shares remain fully encrypted, and Vaulnox has no ability to decrypt them.
A subpoena can demand a signature. It cannot produce one.
Business decisions. Algorithmically effected.
SENTINEL even provides governance for business entities. Clients who want to protect real-world assets — such as real estate — can order a Wyoming DAO LLC through Vaulnox. Membership remains confidential and out of the public eye. Management decisions are effected algorithmically, with members or designated parties approving or declining requests through SENTINEL.
When a contract or other business action is approved, SENTINEL produces an attestation reportthat third parties can verify on the Vaulnox website — proof the decision was properly authorized, without revealing who authorized it. The identities of members and decision makers remain fully encrypted on Vaulnox servers using advanced quantum-proof encryption.
No person — a creditor, civil court, divorcing spouse, or hacker — can access the SENTINEL.
Lose your phone. Keep your assets.
If you lose your phone or other device, SENTINEL can validate the event, confirm your identity, and restore a lost key shareunder the policy conditions you configured. The full MPC scheme continues without interruption — no seed phrase to dig out of a safe, no chain-of-custody nightmare, no frantic call to a support line.
Most other wallet service providers — including most of the major crypto exchanges — do not offer this capability. And cold wallets cannot compare: a lost cold wallet is a lost wallet. With SENTINEL, recovery is a policy outcome, not a miracle.
Included with every plan. Expanded with Premium.
Vaulnox makes a number of SENTINEL features available at our Free and Standardsubscription tiers. Additional capabilities — including advanced multi-party permissions, protector-based Virtual Asset Protection Trusts, and DAO LLC governance — are available on the Premium tier.
See the Pricing page for a full feature comparison across tiers.