Security

Protecting your account and your funds is the foundation of everything we build.

Account protection

• Passwords are hashed with bcrypt — we never store them in readable form.
• Sessions are server-side and can be revoked instantly; signing out ends them everywhere.
• Email verification and password resets use single-use, time-limited links.

Funds & ledger integrity

• Every balance change is recorded in an append-only ledger — the single source of truth.
• Credits and debits are atomic and idempotent, so a balance can never go negative or be double-counted.
• Withdrawals are reviewed before payout, and deposits are confirmed on-chain before crediting.

Infrastructure

• All traffic is served over HTTPS.
• The platform runs on managed, regularly-patched cloud infrastructure with DNS-level protection.
• Administrative actions are logged to a tamper-evident audit trail.

Your part

Use a strong, unique password, keep your email account secure, and never share your login or one-time links. We will never ask you for your password.