1. All user data is encrypted with AES 256-bit encryption and sensitive user data (encrypted or not) is never returned to the client
2. Every request on Coinigy goes through a verified and secure SSL
3. Coinigy uses a multi-tiered server architecture with complex credentials to ensure server integrity
4. Coinigy never handles your funds directly. All funds remain stored in the exchange's wallets.
5. All user requests are filtered and checked on the front-end and back-end for XSS, CSRF, Clickjacking and Session Impersonation attacks
6. We use only parameterized queries to the database to further prevent injection attacks
7. Coinigy is hosted in Google's datacenters and our team has a combined 30 years experience in web security and best practices.
Now let's talk about some of the features we have that you can use to help keep your accounts secure.
1. Coinigy supports passwords up to 40 characters. Use a long, unique and complex password with a mix of alphanumeric characters and symbols.
2. Coinigy also supports Two-Factor Authentication (2fa) using Google Authenticator. This is a free, offline service that doesn't use Google's servers.
3. Coinigy encourages you to set restrictions on your exchange API keys which limit the capabilities they have to just the functionality you want to use on Coinigy.
4. It is the user's responsibility to keep both their Coinigy account and their exchange accounts secure.