Everything you need to know!
Are you secure?
There is a short and a long answer, short YES. On the other side continue reading.
We will explain how the service works, how we encrypt and decrypt your secrets and how we keep it safe.
How about the encryption?
We are storing very sensitive information from you and we keep it as safe as possible.
Every exchange credential is RSA PKCS1 OAEP with SHA512 encrypted.
The key was generated in a secure location with a true random hardware number generator (TRNG) and will never leave that device. Different technologies are used to make sure that the location will never be unveiled and is strictly monitored.
Why Google as login?
Creating and implementing your own authentication method is always prone to erros and we do not like to have errors with it (safety first). The Google login, or rather Oauth2 protocol is proven to be secure and easy to implement.
We will implement other provider in the future, but we had to start somewhere and Google is a wildly accepted.
Can I encrypt my own keys?
We want to be as transparent as possible and want to allow you to encrypt your secrets on your own computer.
This means that the credentials will never be transmitted unencrypted over the internet.
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
Learn how to encrypt your credentials.
Whitelist IP address
When we access the exchanges we are using ip 184.108.40.206 to access them. You should whitelist us and make sure that the api keys will only be used from that ip address.
Please note that this ip address can change without further notice (we try not to).