Security @ Blockpit

At Blockpit, security and privacy are core principles that guide the design and operation of our platform. Handling sensitive data requires a high level of trust, and we ensure that this trust is earned through rigorous security practices and data protection measures. Below is an overview of the comprehensive security framework that we have implemented at Blockpit to safeguard user data.

Last update: 23.09.2024

Application Security

  • Blockpit hosts its services in Austria, using dedicated hardware instead of third-party cloud providers. By avoiding cloud platforms, we maintain full control over data storage and processing, with high-availability solutions, DDoS protection and stateful firewalls further enhancing data security and privacy compliance under European regulations.
  • Passwords are securely hashed and stored using a password-based key derivation function (PBKDF) such as bcrypt. For enhanced convenience, we also offer authentication via Google or Apple, eliminating the need to store passwords on our platform.
  • We support token-based Two-Factor Authentication (2FA), which provides an additional layer of security and significantly reduces the risk of unauthorized access.
  • All data transmitted to and from Blockpit is encrypted using 256-bit encryption and served entirely over HTTPS.
  • Blockpit employs a third-party security firm to conduct periodic vulnerability scanning and penetration tests.

API Keys & Wallets

  • All API keys are encrypted with AES-256-GCM before being securely stored.
  • We never ask for users' private keys or any form of access to their wallets.
  • Exchange API keys are integrated with read-only access.

Organisation

  • All employees undergo security and awareness training.
  • Access to customer data is limited to authorized employees who require it for specific job-related tasks. Access controls are strictly monitored to prevent unauthorized data exposure.
  • All employees are required to sign confidentiality agreements, ensuring the protection of user data and company-sensitive information.
  • We maintain a comprehensive privacy policy, which is published on our website and updated on a regular basis.

Anti-Fraud Measures

  • Watch out for phishing attempts! Official communications from Blockpit are always sent from the @blockpit.io domain. Look out for suspicious or misspelled email addresses.
  • Our employees will never contact or communicate with you via telephone.
  • Our team will never ask you for account or wallet access, credit card information, or API keys with trading and withdrawal permissions. As a pure software provider, we are not involved in the custody or trading of crypto assets. Any claims to the contrary are attempts at fraud!


If you have any questions or concerns, please contact us at legal@blockpit.io