Security & Trust

Institutional-grade security measures protect your investments and personal data with bank-level encryption and industry-leading safeguards.

Security First Approach

We've built security into every layer of our platform, from infrastructure to application code, ensuring your assets and data are protected by industry-leading standards.

Security Features

Multi-layered protection for your investments

End-to-End Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256 encryption.

TLS 1.3 for data in transit

AES-256 encryption at rest

Perfect forward secrecy

Zero-knowledge architecture

Multi-Factor Authentication

Multiple authentication layers protect account access with hardware security keys.

2FA via SMS and authenticator apps

Hardware security key support

Biometric authentication

Device verification

Cold Storage

Digital assets are stored offline in multi-signature cold storage wallets.

Multi-signature cold storage

Hardware security modules

Geographic distribution

Air-gapped systems

24/7 Monitoring

Continuous security monitoring and threat detection across all systems.

Real-time threat detection

Automated incident response

Behavioral analysis

Security operations center

Certifications & Compliance

Independently verified security standards

SOC 2 Type II

Independent audit of security controls and operational effectiveness.

Certified

Valid until 2025

ISO 27001

International standard for information security management systems.

Certified

Valid until 2025

GDPR Compliant

Full compliance with European data protection regulations.

Compliant

Valid until Ongoing

PCI DSS Level 1

Highest level of payment card industry security standards.

Certified

Valid until 2025

Financial Protections

Insurance and safeguards for your investments

Up to $500M

SIPC Insurance

Securities Investor Protection Corporation insurance coverage.

Licensed

Custody Partners

Regulated third-party custodians hold investor assets.

Quarterly

Penetration Testing

Regular security testing by independent cybersecurity firms.

Up to $50K

Bug Bounty Program

Rewards for security researchers who identify vulnerabilities.

Security Practices

Comprehensive security across all areas

Infrastructure Security

AWS security best practices

Network segmentation and firewalls

DDoS protection and mitigation

Intrusion detection systems

Regular security patching

Application Security

Secure code development lifecycle

Static and dynamic code analysis

Regular security code reviews

Dependency vulnerability scanning

Input validation and sanitization

Data Protection

Data classification and handling

Privacy by design principles

Data retention policies

Secure data disposal

Regular backup and recovery testing

Access Control

Principle of least privilege

Role-based access control

Regular access reviews

Privileged account management

Zero-trust architecture

Report Security Issues

If you discover a security vulnerability or have concerns about our security practices, please contact our security team immediately.

security@cynex.io