Security Policy

Your security is our top priority. Learn about our comprehensive security measures.

Last updated: January 7, 2025

SOC 2 Type II Compliant
ISO 27001 Certified
GDPR Compliant
PCI DSS Level 1

Data Encryption & Protection

Encryption Standards

  • AES-256 encryption for data at rest
  • TLS 1.3 for all data in transit
  • End-to-end encryption for sensitive communications
  • Hardware Security Modules (HSMs) for key management

API Key Security

  • API keys encrypted with individual user-specific keys
  • Read-only permissions enforced for all exchange connections
  • Keys stored in secure, isolated environments
  • Regular rotation and validation of stored credentials

Database Security

  • Encrypted database connections and storage
  • Regular automated backups with encryption
  • Database access logging and monitoring
  • Principle of least privilege for database access

Infrastructure Security

Cloud Security

  • Multi-region deployment with automatic failover
  • Virtual Private Cloud (VPC) with network isolation
  • Web Application Firewall (WAF) protection
  • DDoS protection and traffic filtering

Access Controls

  • Multi-factor authentication (MFA) for all admin access
  • Role-based access control (RBAC) system
  • Regular access reviews and privilege audits
  • Secure bastion hosts for infrastructure access

Network Security

  • Network segmentation and micro-segmentation
  • Intrusion Detection and Prevention Systems (IDS/IPS)
  • Regular vulnerability scanning and penetration testing
  • Zero-trust network architecture implementation

API Security

Exchange Integration

  • Read-only API permissions enforced across all exchanges
  • No withdrawal or transfer capabilities through our platform
  • API rate limiting and request throttling
  • Secure API key storage with encryption at rest

Platform APIs

  • OAuth 2.0 and JWT token-based authentication
  • API versioning and backward compatibility
  • Request signing and validation
  • Comprehensive API logging and monitoring

Security Headers

  • Content Security Policy (CSP) implementation
  • HTTP Strict Transport Security (HSTS)
  • X-Frame-Options and X-Content-Type-Options
  • Cross-Origin Resource Sharing (CORS) controls

gDGA Token Security

Smart Contract Security

  • Smart contracts audited by leading security firms
  • Multi-signature wallet controls for contract upgrades
  • Time-locked contract modifications
  • Bug bounty program for smart contract vulnerabilities

Token Operations

  • Secure staking mechanism with slashing protection
  • Real-time monitoring of token transactions
  • Automated fraud detection for unusual patterns
  • Cold storage for platform token reserves

Wallet Integration

  • Support for hardware wallet connections
  • WalletConnect integration for secure authentication
  • No private key storage on our servers
  • Transaction signing performed client-side

Monitoring & Incident Response

24/7 Security Monitoring

  • Security Operations Center (SOC) with round-the-clock monitoring
  • Automated threat detection and alerting systems
  • Real-time log analysis and correlation
  • Behavioral analytics for anomaly detection

Incident Response

  • Dedicated incident response team available 24/7
  • Documented incident response procedures
  • Automated containment and mitigation systems
  • Post-incident analysis and improvement processes

Threat Intelligence

  • Integration with global threat intelligence feeds
  • Proactive threat hunting and analysis
  • Regular security assessments and audits
  • Collaboration with security research community

User Security Best Practices

Account Security

  • Use a strong, unique password for your account
  • Enable two-factor authentication (2FA) immediately
  • Regularly review your account activity and settings
  • Log out from shared or public computers

API Key Management

  • Only provide read-only API permissions
  • Never share your API keys with anyone
  • Regularly rotate your exchange API keys
  • Monitor your exchange accounts for unusual activity

General Security

  • Keep your devices and browsers updated
  • Use reputable antivirus software
  • Be cautious of phishing emails and fake websites
  • Report suspicious activities immediately

Security Audits & Compliance

Regular Audits

  • Annual third-party security audits
  • Quarterly penetration testing
  • Monthly vulnerability assessments
  • Continuous compliance monitoring

Certifications

  • SOC 2 Type II compliance certification
  • ISO 27001 information security management
  • PCI DSS Level 1 for payment processing
  • GDPR compliance for data protection

Bug Bounty Program

  • Rewards up to $10,000 for critical vulnerabilities
  • Responsible disclosure process
  • Recognition for security researchers
  • Continuous improvement based on findings

Security Contact

Report security issues or vulnerabilities to our security team.

Emergency Security Hotline: For critical security incidents, contact us immediately at [email protected] with "URGENT" in the subject line.