Workspace email log in

The short version

Safe{Wallet} is and remains self-custodial. Adding email login or accepting an email invite does not change that. Your assets are controlled by your signer keys and your Safe Account's smart contract never by your email address, and never by us. Email is a convenience layer for logging in and for collaborating in shared workspaces. It is not a key to your funds.

If you only read one thing: your email cannot move your money, and we never write your email to the blockchain.

1. Why does a self-custodial wallet ask for my email at all?

Two reasons, both optional and both off-chain:

• Easier sign-in. Email login lets you access the Safe{Wallet} app interface without hunting for a browser extension or hardware wallet every time. It authenticates you to the app, it does not authenticate transactions on-chain.

• Team collaboration. In a shared Workspace, an admin can invite teammates by email so they can be added to the workspace before everyone's wallet addresses are known.

Email is a UX and collaboration feature. The custody model underneath is unchanged: transactions are still authorized by your signer key(s) and your Safe's threshold.

2. Does logging in with email mean Safe controls my funds?

No. This is the most important distinction.

• Login ≠ custody. Email login signs you into the application. Authority over your Safe Account comes from your signer keys and the account's on-chain threshold (e.g. 2-of-3). We do not hold those keys.

• We cannot move your assets, freeze them, or sign on your behalf, regardless of how you logged in.

• Losing access to your email could mean losing access to that login method — it does not hand anyone control of your Safe.

3. How email login works

It's a one-time code (OTP), not a magic link. You enter your email, receive a numeric code, and enter it to sign in.

The identity provider is Auth0. The flow is a standard OIDC authorization redirect, brokered by Safe Client Gateway (CGW), so the app never handles your credentials directly: app → CGW /v1/auth/oidc/authorize → 302 redirect to Auth0 → you verify with the OTP → redirect back → CGW sets an HTTP-only JWT session cookie. The session lasts 24 hours, then you re-authenticate.

Login methods are bound to your email. If you first signed in with email OTP, you must keep using email; if you used Google, you must keep using Google. You can't mix methods on the same address.

4. What if you lose access to your email

Your funds are never at risk, because the email login is app-session authentication only (a JWT cookie for the workspace) — it is not a signer key and does not custody anything. Your Safe Account is controlled by its on-chain signer keys and threshold, reached via your wallet, independently of how you log into the app.

5. Is email login as secure as connecting a wallet?

They protect different things. Wallet signing protects transactions; email login protects app access. We recommend email login for convenience and for users who want a smoother entry point, but for high-value operations the on-chain threshold and signer keys remain the real security boundary.

Email invites

6. What is an email invite?

In a shared workspace, an admin can invite a teammate by email address, wallet address, or ENS name. An email invite lets someone be added to a workspace before their wallet address is known — useful for onboarding a team.

7. If someone invites me by email, what does Safe learn about me?

Only what's needed to deliver and accept the invite: your email address and a display name derived from it.

• Accepting an invite does not give the workspace or its admin any control over your personal assets.

• A workspace is a collaboration layer. Your individual Safe Accounts and keys remain yours.

8. Do I have to use my email to join a workspace?

No. You can join with a wallet address. Email is offered for convenience, not required.

9. Who can see my email inside a workspace?

The intended principle: members see what's needed to collaborate, and email addresses are not broadcast beyond that.

How we store and handle emails

10. Where is my email stored, and is it encrypted?

Your email is stored in Safe Labs' backend systems — off-chain, on managed cloud infrastructure (AWS), the same infrastructure described in our Privacy Policy for database data. It is never written to the blockchain.

The data is encrypted at rest: the underlying storage is encrypted, so the data can't be read from the physical disk itself.

11. Is my email ever written to the blockchain?

No. The blockchain is public and permanent. We never write your email address (or other off-chain personal data like your name) to it. What goes on-chain are things inherent to using a smart-contract wallet — your Safe's contract address, signer addresses, and transaction data — never your email. This is a deliberate design choice precisely because blockchain data can't be deleted.

12. Do you sell my email or share it with advertisers?

No. We do not sell personal data. We do not use automated decision-making or profiling. We share data only with the sub-processors needed to run the service (e.g. cloud hosting and logging) under GDPR-compliant data processing agreements, and with legal/tax advisors or authorities where legally required.

GDPR & your rights

13. Who is the data controller, and how do I reach your DPO?

The controller is Safe Labs GmbH, Unter den Linden 10, 10117 Berlin, Germany. We process personal data under the EU GDPR and the German Federal Data Protection Act (BDSG). You can reach our Data Protection Officer at safelabs.dpo@techgdpr.com.

14. What's the legal basis for processing my email?

It depends on why we hold it:

• To provide the service you asked for (e.g. signing you in, delivering a workspace invite): performance of a contract / pre-contractual steps (GDPR Art. 6.1.b).

• Responding to support requests: our legitimate interest (Art. 6.1.f).

15. Can you delete my email if I ask?

Yes your email is held off-chain, so we can delete it on request, subject to any legal retention obligations. This is the key advantage of keeping email off-chain: unlike on-chain data, off-chain personal data like your email can be fully erased.

Safe Labs

15 June 2026

Copy link