🔓 Security and Compliance
Encryption
Data Encryption at Rest: Utilizing tools like AWS KMS or Azure Key Vault for managing encryption keys and ensuring sensitive data is encrypted at rest.
TLS for Data in Transit: Ensuring all data transmitted over the network is encrypted using TLS 1.3.
Authentication and Authorization
OAuth 2.0 & OpenID Connect: For secure, token-based user authentication and authorization.
Role-Based Access Control (RBAC): Defining and enforcing user roles and permissions to ensure users can only access data and perform actions they are authorized for.
Security Audits
Vulnerability Scanning: Regularly scanning application and network layers for vulnerabilities using tools like Nessus or OpenVAS.
Penetration Testing: Conducting periodic penetration tests to identify and mitigate potential security threats in a controlled environment.
Privacy is at the heart of TXN Club, which has been engineered from the ground up with security and privacy in mind (see tech stack for more details).
2FA: TXN Club's web application and mobile app will utilise 2FA technology to create a secondary verification of identity and prevent unwanted logins. The mobile application will adhere to the strict security requirements of the Apple App Store and Google Play Store and undergo an official audit prior to listing.
Digital fingerprinting:
For the mobile application, digital fingerprinting is an additional security setting users can activate to further secure their account from unwanted physical hacks. On supported devices, the native security/locking mechanism can be activated in order to access the app; this includes Face ID from Apple.
Encryption:
TXN Club utilises a series of contracts for executing on-chain transactions, which are encrypted as they are based on Ethereum. Furthermore, off-chain activity such as profiles will undergo robust and rigorous encryption in line with the highest commercial standards in order to secure user privacy.