Security Policy

1. Security Overview

At Easycryptochain, we take a multi-layered approach to security, combining infrastructure hardening, encryption, operational security controls, and continuous monitoring to protect customer funds and personal data.

2. Data Encryption

All communications between your browser and our servers are encrypted using TLS 1.3. Sensitive data including passwords and private keys are hashed using industry-standard bcrypt/argon2 algorithms. Database contents are encrypted at rest using AES-256-GCM.

3. Fund Storage & Custody

We maintain the highest security standards for crypto asset custody:

• Cold storage: At least 95% of all customer cryptocurrency is held in air-gapped cold wallets inaccessible from the internet.
• Multi-signature wallets: Large withdrawals require multiple independent key holders to sign.
• Segregated funds: Customer assets are held separately from company operational funds at all times.
• Insurance: Our hot wallet holdings are covered by our security insurance policy.

4. Authentication & Access

We strongly encourage all users to enable two-factor authentication (2FA). We support:

• Authenticator app-based TOTP (Google Authenticator, Authy)
• Email-based verification for new device logins
• Session management — view and revoke active sessions from your account settings
• Automatic logout after periods of inactivity

5. Infrastructure Access Controls

Access to our production infrastructure is limited to essential personnel only. All admin actions are logged and audited. We enforce the principle of least privilege — staff can only access systems necessary for their role.

6. Monitoring & Threat Detection

Our security team monitors platform activity 24/7 using automated anomaly detection, rate limiting, IP analysis, and behavioural analysis. Suspicious login attempts, unusual withdrawal patterns, and API abuse trigger immediate automated lockdown procedures.

7. Incident Response

In the event of a security incident, we will:

• Contain the incident immediately and assess its scope.
• Notify affected users within 72 hours of becoming aware of the breach.
• Cooperate fully with relevant authorities and regulators.
• Provide transparent post-incident reports to affected users.

8. Your Security Responsibilities

You play an important role in keeping your account secure. We recommend:

• Enabling 2FA on your account immediately after registration.
• Using a unique, strong password not used on any other site.
• Never sharing your seed phrases, private keys, or login credentials with anyone.
• Verifying our URL (https://easycryptochain.com) before entering credentials — beware of phishing sites.
• Keeping your email account and devices secure.
• Reporting suspicious activity to our support team immediately.

9. Responsible Disclosure / Bug Bounty

We welcome security researchers who responsibly disclose vulnerabilities. If you discover a potential security issue, please contact us at security@easycryptochain.com before public disclosure. We will investigate all reports and reward significant findings.

10. Contact Security Team

For security-related concerns, email security@easycryptochain.com or visit our contact page. For urgent account security issues, contact live support immediately.