Security

How we protect your data and trading information

Security is fundamental to Apex. We implement industry-standard security practices to protect your account, trading data, and payment information.

Authentication

  • JWT token-based authentication
  • Bcrypt password hashing with salt
  • Secure session management
  • Automatic token expiration

Data Encryption

  • TLS 1.3 for all data transmission
  • HTTPS-only connections enforced
  • Encrypted database connections
  • Sensitive data encryption at rest

Database Security

  • PostgreSQL with access controls
  • Automated daily backups
  • Input validation and sanitization
  • SQL injection prevention

Infrastructure

  • DDoS protection enabled
  • Firewall and network segmentation
  • Regular security updates
  • Monitored server access logs

API Security

Authentication & Authorization

  • Bearer token authentication
  • Role-based access control
  • Request signature verification

Rate Limiting & Protection

  • API rate limiting per user
  • Brute force attack prevention
  • CORS policy enforcement

Payment Security

We use cryptocurrency payments exclusively, which provides enhanced security:

  • No credit card storage: We never store credit card information
  • Blockchain transparency: All transactions verifiable on-chain
  • No chargebacks: Eliminates fraud risk
  • Wallet addresses only: We only see your payment wallet address
  • Private keys never shared: You maintain full custody of your funds

Monitoring & Incident Response

24/7 Security Monitoring

  • Real-time error logging and alerting
  • Suspicious activity detection
  • Automated intrusion detection

Incident Response Plan

In the event of a security incident, we follow a structured response process:

  1. Immediate containment and mitigation
  2. User notification within 24 hours
  3. Full investigation and root cause analysis
  4. Implementation of additional safeguards
  5. Post-incident report and transparency

Best Practices for Users

Help us keep your account secure by following these recommendations:

  • Use strong passwords: Minimum 12 characters with mixed case, numbers, and symbols
  • Enable notifications: Get alerts for suspicious login attempts
  • Don't share credentials: Never share your password or API keys
  • Secure your email: Your email account is the key to password recovery
  • Log out on shared devices: Always log out when using public computers
  • Be wary of phishing: We'll never ask for your password via email

Data Privacy

  • We do NOT sell your data: Your trading information remains private
  • Trading data isolation: Your analyses are not shared with other users
  • Minimal data collection: We only collect what's necessary for the platform
  • Data deletion rights: Request account and data deletion anytime

For more details, see our Privacy Policy

Compliance & Standards

Apex adheres to industry security standards and best practices:

  • OWASP Top 10 security guidelines
  • GDPR-compliant data handling
  • Regular security audits
  • Secure development lifecycle

Report Security Issues

If you discover a security vulnerability, please report it responsibly:

Security Email: [email protected]

General Support: [email protected]

We appreciate responsible disclosure and will respond to verified reports within 48 hours.