We, here at Prediction, care about security. Here is a list of the security measures we have already taken. We are constantly working on security improvements and will update the following list with newly introduced security measures over time.
User Account Security
We use secure token-based authentication for our users with a set token expiration. All of our endpoints are authenticated apart from the ones which don’t handle any personal information.
Users’ passwords are hashed before they are stored, which is an industry norm, though one overlooked by some providers.
Users are encouraged to use long, complex passwords that combine alphanumeric characters and symbols. The best approach is to use a password generator, e.g. http://passwordsgenerator.net/
API Keys Security
We require only read-only API keys from users who wish to connect their exchanges. We store all the keys, passphrases and uid encrypted with AES. AES (Advanced Encryption Standard) is a symmetric encryption algorithm and one of the most secure ciphers out there.
We only read information from users’ exchange accounts and never take any action on a user’s behalf.
We have taken preventive measures against the most common web attacks:
cross-site scripting attacks and other cross-site injections
man-in-the-middle attacks with forged certificates
All the information travelling on the wire from you to us and back is encrypted and secure since we use SSL. Before you even start browsing our website, our server will establish a secure connection with your browser and will encrypt any data we exchange.
We enforce secure connections to the server only (HTTP over SSL/TLS).
To mitigate injection attacks, we use only parameterized queries and validate all user input to make sure no malicious code can be executed on our servers.
We take security seriously and make sure we comply with the new GDPR rules. Users' personal information is only accessible by a very limited number of staff. We make use of restricted access, personalized accounts and user roles. Only people who need to work with your data have access to it. The same applies to other parts of our system.
It is the user’s responsibility to keep both their Prediction account credentials and exchange account API keys secure. We provide all possible security enhancements in order to keep your information safe; however, it is up to you how seriously you take the security of your data.