Safety of Bitsgap platform is our top priority. We use a combination of encryption, API configuration, and technical safeguards to protect our users' accounts. Additionally, our system filters all incoming requests to get any confidential information about our customers' data.
Your account is protected by:
- All user data undergoes AES-256 encryption and remains completely confidential. Even their individual fragments (both encrypted and not) are never transmitted to clients.
- The hashing of your credentials is implemented on the platform via RSA-2048 encryption.
- Each request to the system passes through tested and secure protocols with SSL certification.
- Complex password support. You can use a long and mixed password with a combination of letters, numbers, and symbols.
- Multi-factor authentication (2FA) with confirmation of the one-time password generated by the device. This is a free and autonomous service we encourage every customer to use.
- All successful and failed login attempts are recorded with timestamps, IP addresses, and user locations. It automatically checks the authenticity of the e-mail, which cannot be fictitious.
- Failed login attempts (exceed the designated limit) result in blocking the account and IP address for an extended period of time.
- Use of heuristic algorithms to monitor the unusual activity on the account. Upon detection, any access to your account is immediately blocked, and all active sessions are terminated.
- All user information is stored on a secure network, that no one outside of the company has access to. It is protected by a firewall, and even inside Bitsgap, only a few people have access to this network.
- As an extra security measure, when a user adds API keys, the system always checks, whether the API key has an option to withdraw funds. If the withdraw option is allowed, the API key will be rejected.