Enterprise-Grade Security
Your funds and data are protected with military-grade encryption
🛡️ Security Measures
🔐 API Key Encryption
All exchange API keys are encrypted with AES-256-GCM. Keys are never stored in plain text; they are encrypted at rest with an individual encryption key per user.
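One way to implement per-user encryption at rest, as an added illustration rather than EnigmAPI's own code: each user gets a data-encryption key (DEK) that is itself wrapped by a master key (KEK), and the API secret is sealed with the user's DEK under AES-256-GCM. The GCM associated data binds the ciphertext to the user and exchange, so a blob copied into another user's row fails authentication. This assumes the `cryptography` package; the user ids, exchange name and secret are constructed sample values.

```python
"""Added example: AES-256-GCM envelope encryption of an exchange API key,
with a per-user DEK wrapped by a KEK. Illustrative, not EnigmAPI's code."""
import os
from dataclasses import dataclass

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the recommended size for GCM


@dataclass
class EncryptedBlob:
    nonce: bytes
    ciphertext: bytes  # AESGCM output already carries the 16-byte auth tag


def _seal(key: bytes, plaintext: bytes, aad: bytes) -> EncryptedBlob:
    # Fresh random nonce per encryption; a nonce must never repeat under one key
    nonce = os.urandom(NONCE_LEN)
    return EncryptedBlob(nonce, AESGCM(key).encrypt(nonce, plaintext, aad))


def _open(key: bytes, blob: EncryptedBlob, aad: bytes) -> bytes:
    # Raises InvalidTag if ciphertext, tag or associated data were altered
    return AESGCM(key).decrypt(blob.nonce, blob.ciphertext, aad)


class ApiKeyVault:
    """Keeps wrapped per-user DEKs in memory; in production the KEK would
    live in a KMS/HSM and the wrapped DEKs in the database."""

    def __init__(self, kek: bytes):
        self._kek = kek
        self._wrapped_deks = {}  # user_id -> EncryptedBlob (DEK wrapped by KEK)

    def _dek_for(self, user_id: str) -> bytes:
        aad = f"dek:{user_id}".encode()  # ties the wrapped DEK to its user
        if user_id not in self._wrapped_deks:
            dek = AESGCM.generate_key(bit_length=256)
            self._wrapped_deks[user_id] = _seal(self._kek, dek, aad)
        return _open(self._kek, self._wrapped_deks[user_id], aad)

    def store_api_key(self, user_id: str, exchange: str, api_secret: str) -> EncryptedBlob:
        aad = f"{user_id}:{exchange}".encode()  # authenticated context, not encrypted
        return _seal(self._dek_for(user_id), api_secret.encode(), aad)

    def load_api_key(self, user_id: str, exchange: str, blob: EncryptedBlob) -> str:
        aad = f"{user_id}:{exchange}".encode()
        return _open(self._dek_for(user_id), blob, aad).decode()


def blob_hides_secret(blob: EncryptedBlob, api_secret: str) -> bool:
    """True when the plaintext secret does not appear in what is stored."""
    return api_secret.encode() not in blob.ciphertext


def demo() -> dict:
    vault = ApiKeyVault(kek=AESGCM.generate_key(bit_length=256))
    secret = "constructed-sample-secret-abc123"  # constructed value
    blob = vault.store_api_key("user-42", "exchange-a", blob_hides_secret and secret)
    roundtrip = vault.load_api_key("user-42", "exchange-a", blob)
    # The same blob under another user's DEK/AAD must fail the tag check
    try:
        vault.load_api_key("user-43", "exchange-a", blob)
        cross_user_rejected = False
    except InvalidTag:
        cross_user_rejected = True
    return {
        "roundtrip_ok": roundtrip == secret,
        "sealed": blob_hides_secret(blob, secret),
        "cross_user_rejected": cross_user_rejected,
    }
```

The associated data is the part practitioners most often leave out: without it, a ciphertext is only bound to a key, not to the row it belongs in, and a database-level swap of two users' blobs would decrypt cleanly.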
🔑 JWT Authentication
Industry-standard JWT tokens with a 15-minute expiry for access tokens and 7-day refresh tokens. Automatic token rotation and secure httpOnly cookie storage.
🚫 No Withdrawal Permissions
EnigmAPI never requests withdrawal permissions on your exchange accounts. All API keys are scoped to trading only; your funds never leave your exchange account.
🌐 Infrastructure Security
Hosted on Fly.io with PostgreSQL 16 database, automatic backups, and geo-distributed infrastructure. All connections use TLS 1.3 encryption.
📊 Audit Logs
Complete audit trail of all API key usage, bot deployments, and trading activity. Real-time monitoring with Sentry error tracking.
🔄 Environment Isolation
Separate TEST and LIVE environments. Test your strategies in sandbox mode before deploying to production with real funds.
🎯 Compliance & Best Practices
- GDPR Compliant: Full data privacy compliance for EU users
- CCPA Compliant: California Consumer Privacy Act compliance
- Password Security: Bcrypt hashing with 12+ rounds, 12+ character minimum
- Rate Limiting: Protection against brute-force and DDoS attacks
- Input Validation: All user input sanitized and validated via Pydantic
- SQL Injection Prevention: Parameterized queries and ORM-based data access
🚨 Security Contact
If you discover a security vulnerability, please report it to security@enigmapi.com. We take all security reports seriously and will respond within 24 hours.