Satoshkin Security

Satoshkin is a SaaS for P2P crypto trading automation. We handle exchange API keys for our users, so we treat security as the core of the product, not an add-on. This page documents what permissions we request, how we store data, how we handle incidents, and where to report vulnerabilities.

API key permissions — read + trade, never withdraw

When you connect an exchange account, Satoshkin requests only two scopes from the exchange API:

  • read — balance, trade history, active listings
  • trade — modifying prices on your listings, P2P chat responses

We never request withdraw (fund withdrawal). This is not just our promise; it is enforced on the exchange side: permissions are fixed on the key when it is created, and a key without withdrawal scope is refused by the exchange's withdrawal endpoints, so it cannot move your crypto off the exchange, whoever holds it, including us.

When generating an API key on Binance / Bybit / OKX / Garantex / Huobi, leave the "Enable Withdrawals" checkbox (the label varies slightly per exchange) unchecked, and restrict the key to an IP allowlist where the exchange offers one. If you accidentally connected a key with withdrawal permission, delete it on the exchange side and create a new one: permissions cannot be removed from an existing key on our side.
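The scope check at onboarding can be automated rather than left to the checkbox. The following is an added example, not Satoshkin's own code: it parses the permission flags an exchange reports for a key and refuses any key that can move funds. The field names follow Binance's account/apiRestrictions response as an assumption to verify against current docs; other exchanges use different endpoints and names, and the sample responses are constructed, not captured.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// APIRestrictions mirrors the permission flags an exchange reports for a key.
// Field names follow Binance's account/apiRestrictions response (assumption
// for this example; other exchanges differ).
type APIRestrictions struct {
	IPRestrict               bool `json:"ipRestrict"`
	EnableReading            bool `json:"enableReading"`
	EnableWithdrawals        bool `json:"enableWithdrawals"`
	EnableInternalTransfer   bool `json:"enableInternalTransfer"`
	PermitsUniversalTransfer bool `json:"permitsUniversalTransfer"`
}

// ParseRestrictions decodes the JSON body returned by the exchange.
func ParseRestrictions(raw []byte) (APIRestrictions, error) {
	var r APIRestrictions
	if err := json.Unmarshal(raw, &r); err != nil {
		return APIRestrictions{}, fmt.Errorf("restrictions: %w", err)
	}
	return r, nil
}

// CheckKeyScope returns every reason the key must be refused at onboarding.
// An empty result means the key cannot move funds and can read the account.
func CheckKeyScope(r APIRestrictions) []string {
	var problems []string
	if r.EnableWithdrawals {
		problems = append(problems, "withdrawals enabled: delete this key on the exchange and create one without it")
	}
	// Transfer permissions are not in the page's scope list, but they also
	// move funds (between sub-accounts or wallets), so refuse them as well.
	if r.EnableInternalTransfer || r.PermitsUniversalTransfer {
		problems = append(problems, "transfer permission enabled")
	}
	if !r.EnableReading {
		problems = append(problems, "read scope missing")
	}
	return problems
}

// KeyScopeWarnings lists conditions that do not block onboarding but should
// be shown to the user, such as a key with no IP allowlist.
func KeyScopeWarnings(r APIRestrictions) []string {
	var w []string
	if !r.IPRestrict {
		w = append(w, "no IP allowlist: restrict the key to the service's egress IPs on the exchange")
	}
	return w
}

// Constructed sample responses (not captured from any exchange).
var (
	goodKey = []byte(`{"ipRestrict":true,"enableReading":true,
"enableWithdrawals":false,"enableInternalTransfer":false,"permitsUniversalTransfer":false}`)
	badKey = []byte(`{"ipRestrict":false,"enableReading":true,
"enableWithdrawals":true,"enableInternalTransfer":false,"permitsUniversalTransfer":false}`)
)

func main() {
	for name, raw := range map[string][]byte{"good": goodKey, "bad": badKey} {
		r, err := ParseRestrictions(raw)
		if err != nil {
			fmt.Println(name, "parse error:", err)
			continue
		}
		fmt.Printf("%s key: refuse=%v warn=%v\n", name, CheckKeyScope(r), KeyScopeWarnings(r))
	}
}
```

Run the check every time a key is added and again periodically: a user can edit permissions on the exchange after connecting, and the flags reported by the exchange are the only source of truth for what the key can do.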

How we store keys

  • API keys are encrypted with AES-256-GCM before the database write, using a per-tenant key stored separately from the data
  • Decryption happens in process memory only at the moment of executing a trade command — the plaintext key is never written to disk or logs
  • Database backups are encrypted at rest (tablespace-level)
  • Production write access is gated by PR review + audit log; read-only access is granted to a small set of engineers
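The envelope-encryption pattern described in this list, as an added example that is not Satoshkin's own code: a per-tenant AES-256 key held outside the data store seals each API secret with AES-GCM, the ciphertext is bound to its tenant and key record through the additional authenticated data, and the plaintext exists only in memory until the caller zeroes it. The in-memory TenantKeyStore map standing in for a separate KMS/HSM, and the sample secret, are assumptions constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// SealedAPIKey is the only form in which an exchange API secret reaches the
// database: nonce + ciphertext, bound to the tenant and key record it belongs to.
type SealedAPIKey struct {
	TenantID   string
	KeyID      string
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM output, includes the 16-byte tag
}

// TenantKeyStore stands in for the separate store (KMS/HSM) that holds each
// tenant's 256-bit data-encryption key. A map is an assumption for this
// example; in production the key never lives next to the data it protects.
type TenantKeyStore map[string][]byte

// NewTenantKey draws a fresh AES-256 key for a tenant.
func NewTenantKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return k, nil
}

func (s TenantKeyStore) gcmFor(tenant string) (cipher.AEAD, error) {
	k, ok := s[tenant]
	if !ok {
		return nil, errors.New("no data key for tenant")
	}
	block, err := aes.NewCipher(k) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad ties the ciphertext to its row: a record copied from another tenant,
// or re-pointed at another key ID, fails authentication on decrypt.
func aad(tenant, keyID string) []byte {
	return []byte(tenant + "\x00" + keyID)
}

// Seal encrypts a plaintext API secret before the database write.
func Seal(store TenantKeyStore, tenant, keyID string, secret []byte) (SealedAPIKey, error) {
	g, err := store.gcmFor(tenant)
	if err != nil {
		return SealedAPIKey{}, err
	}
	nonce := make([]byte, g.NonceSize()) // 96-bit, fresh per call; never reuse with the same key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return SealedAPIKey{}, err
	}
	return SealedAPIKey{
		TenantID:   tenant,
		KeyID:      keyID,
		Nonce:      nonce,
		Ciphertext: g.Seal(nil, nonce, secret, aad(tenant, keyID)),
	}, nil
}

// Open decrypts in memory for the duration of one exchange call. The caller
// must Zero the result afterwards and must never log or persist it.
func Open(store TenantKeyStore, rec SealedAPIKey) ([]byte, error) {
	g, err := store.gcmFor(rec.TenantID)
	if err != nil {
		return nil, err
	}
	pt, err := g.Open(nil, rec.Nonce, rec.Ciphertext, aad(rec.TenantID, rec.KeyID))
	if err != nil {
		return nil, errors.New("ciphertext failed authentication") // no detail leaks to logs
	}
	return pt, nil
}

// Zero overwrites a plaintext buffer once the exchange call has been made.
func Zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	k, _ := NewTenantKey()
	store := TenantKeyStore{"tenant-42": k}
	rec, err := Seal(store, "tenant-42", "key-1", []byte("constructed-exchange-secret")) // constructed sample
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored: tenant=%s key=%s nonce=%x ct=%x\n", rec.TenantID, rec.KeyID, rec.Nonce, rec.Ciphertext)
	pt, err := Open(store, rec)
	if err != nil {
		panic(err)
	}
	fmt.Println("decrypted in memory, bytes:", len(pt))
	Zero(pt)
	rec.KeyID = "key-2" // a re-pointed row must not decrypt
	_, err = Open(store, rec)
	fmt.Println("re-pointed record:", err)
}
```

The AAD is what makes "per-tenant key" more than a label: even with a database dump and one tenant's data key, a row moved under another tenant or another key ID fails the GCM tag check instead of decrypting.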

To rotate a key, delete it in your exchange settings first, then add the new one in your Satoshkin dashboard. Deleting on the exchange side kills the old key regardless of what is stored with us; the old Satoshkin record is invalidated within seconds.

2FA and account access

Enable two-factor authentication (TOTP) right after sign-up:

  • Supported: Google Authenticator, Authy, 1Password, Bitwarden
  • When you enable 2FA, you receive backup codes — store them in a password manager or offline
  • Password recovery without 2FA is disabled: if you lose both your password and 2FA, you must go through identity-confirmed recovery via support

Logins from new devices or IP addresses are recorded and, with notifications on, you get a Telegram alert.

What we do NOT do

  • We do not store your bank details or cards. Fiat transfers in P2P go directly between you and your counterparty — we only trigger escrow release on the exchange side after you confirm payment.
  • We are not a custodian. Your crypto always remains on your exchange account, never on a Satoshkin wallet.
  • We have no access to fiat deposits. Fiat in/out is your responsibility on the exchange and payment-system side.

This means an incident of the form "Satoshkin lost users' funds" cannot happen by withdrawal: we never hold them and our keys cannot move them off the exchange. What a trade-scoped key can do is change listing prices and release escrow (only after you confirm payment), so the key-storage and access controls above are what protect that scope from misuse.

Vulnerability disclosure policy

If you find a vulnerability in Satoshkin (web, API, mobile, Telegram bots), email us at [email protected] (PGP key on request).

We:

  1. Acknowledge within 48 hours
  2. Triage severity (CVSS), reply with a fix timeline
  3. Ask for a 90-day embargo on public disclosure until patch ships
  4. List you in the Hall of Fame (optional) after disclosure

In-scope: leakage of other users' API keys or account data; permission bypass in the dashboard; injection (SQL, command, template); XSS / CSRF / SSRF in the main product; logical vulnerabilities in billing.

Out-of-scope: DoS / volumetric attacks (report to Cloudflare); social engineering of our staff; self-XSS requiring cookie injection; automated scans without a reproducible PoC.

Security contacts

The service is operated by COOLBIT LTD. (House of Francis, Room 303, Ile Du Port Mahé, Seychelles, IBC No. 222350).

Last updated:
