How we secure your data

Strong Encryption Standards

We encrypt all user secrets linked to your wallets through a 256-bit AES cipher and 25,000 PBKDF2 hash rounds. This makes cracking a single Wallet PIN extremely resource intensive: requiring over 1 million days on state of the art computers today!

Zero Knowledge of your Secrets

We are unaware of your Wallet PIN, and cannot recover these even if we tried. Your Wallet PIN is never sent over the network.

We minimize use of Secrets

We use Multi-signature wallets built on top of Hierarchical Deterministic wallets (HD wallets), as outlined by the BIP0032 standard, to generate new addresses for your account without ever needing access to old or new addresses' private keys.

Security Best Practices

Our website and API libraries use the up-to-date security standards such as BIP0062, and RFC6979.

Continuity, integrity, and transparency

Backups

Backups of all (encrypted) account data are made to "cloud servers" on 4 continents every hour.

Ongoing Security Audits

We work with over 1,000 security experts to discover hidden security issues before the bad guys do.

Account audits via the Block Chain

All addresses on our system are on-chain and that makes them publicly auditable through third-party Block Explorers. You can always verify your PaxexPay wallet balances are accurate using a block explorer of your choice.

Always-On Infrastructure

Our entire infrastructure is built to be redundant, eliminating all single points of failure. We target over 99.999% system availability.

Other ways we protect your security

Client-side signing

We provide a growing number of libraries that allow you to sign your transactions yourselves, outside of PaxexPay.

Third party verification

The "Green Bar" showing our company name and jurisdiction promises you that you are on PaxexPay, not an imposter site.

No password systems

None of our systems use passwords for access control, and all our internal systems are isolated from public access.

Highly available 24/7

We target over 99.999% system availability to ensure you always have access to your account 24 hours daily, all year round.



What you can do

Being a user-facing service, PaxexPay needs your help in order to ensure your security. You, as the account owner, are responsible for the safety of your account credentials, Wallet PIN, and Secret Phrase words. We recommend you follow these guidelines.

Use Wallet PIN authentication.

We can make sure it's you who's logging into your Wallet by prompting you for your enabled wallet PIN. You must use enter your wallet PIN to login if you have enabled Wallet PIN through your account.

Do not share your secrets.

Your Wallet PIN is the key that controls your coins, and your Secret Phrase words are the only key to reset your Wallet PIN in an emergency. You should never, ever share your Wallet PIN and Secret Phrase words with anyone.

Save your secrets offline.

Always store your Wallet PIN and Secret Phrase words in a safe place. Storing them in e-mail accounts or in un-encrypted text files on your computers is definitely not recommended. If you do not know how to secure your Wallet PIN and Secret Phrase words electronically, just write them down on pieces of paper, and remember where you keep these pieces of paper!