How we protect your data
Encryption at rest and in transit
Your exchange API keys are encrypted with AES-256-GCM before they touch our database. All traffic uses TLS 1.3. We only request read-only permissions — we can never move your funds.
ENC | api_key = AES-256-GCM(key, master, iv)
ENC | secret = AES-256-GCM(secret, master, iv)
TLS | proto = TLS 1.3 | CHACHA20-POLY1305
DB | algo = AES-256 | mode = GCM
SES | cookie = HttpOnly; Secure; SameSite = Lax
Secure infrastructure
Deployed on a global edge network with automatic DDoS protection, managed PostgreSQL with encrypted backups, and strict Content Security Policy headers.
Intelligent rate limiting
23 configurable tiers of per-user and per-IP rate limiting prevent brute-force attacks, API abuse, and resource exhaustion.
Complete audit trail
Every sensitive action is logged — login attempts, role changes, data exports, exchange syncs. Full context: who, what, when, and from where.