Data Protection

 

1. How We Protect Your Data

1.1. Restricted Wallet Handling

The UnitedCrowd platform is a severely restricted, specially developed kernel environment for handling sensitive processes. It is not possible to carry out transactions without the involvement of the user and his authentication data, which are securely forwarded to this restricted environment. No other UnitedCrowd system has the components necessary to perform valid operations on the encrypted wallet material. Once the requested process has been completed, any decrypted wallets or key materials will be safely destroyed.

1.3. Secure Data Encryption

All of our sensitive data is encrypted with AES-256 in the idle state. We use hardware security modules (HSM) to encrypt all user portfolios. During transmission, encryption is always performed with a strong AES128 / 256 TLSv1.2 configuration, both to our API endpoints and internally in our environment.

1.5. Web Application Firewall

All traffic to UnitedCrowd services is forwarded through Cloudflare. We use Cloudflare’s Web Application Firewall (WAF) to protect UnitedCrowd services from many types of attacks, including:

Malicious scan and scraper bots
Injection attacks
Distributed Denial of Service (DDoS)

We also limit the number of requests to our services to prevent malicious endpoints from impacting performance.

1.2. Secure Network Architecture

We offer the location in two data centers, one CenturyLink formerly Level3, with ISO27001 certification and Artfiles W408. The cloud server is in Centurylink, which used to be Level3. The data center and thus the physical security measures of the servers on which our cloud server is hosted is ISO 27001 certified. In addition, the servers in our racks are locked, only our employees and possibly the fire brigade have physical access to the servers through these multi-level protection mechanisms. The host system, storage and host system are also designed with multiple redundancies.

1.4. Authentication and Access Control

Authentication credentials are salted and used with high iteration, and all API calls are authenticated with HMACs per request and protected with integrity. The access control control is to the principle of the least privileges, so external also internally. 

 

2. How We Secure Ourselves

2.1. Two Factor Authentication

All UnitedCrowd employee accounts enforce the use of strong passwords and two-factor authentication (2FA). Employees with higher access rights must use a separate YubiKey for authentication. We also enforce the use of 2FA for all of our customers who use our production blockchain environment.

2.3. Logging and Monitoring

All actions performed in our environment, including access to confidential data, are logged and monitored for unauthorized activities. Certain actions are only available for severely restricted service accounts, and any unauthorized attempt to access confidential data manually or otherwise will immediately trigger a security incident.

2.5. Employee Security Policies

UnitedCrowd employees’ laptops contain additional customer data for wallets. This must but a can be hard drive encryption with safe passwords have. Each UnitedCrowd employee has an account to manage 1Password credentials, which can be used to effectively create and manage secure, unique passwords.

2.2. Advanced DevSecOps

Our agile development team uses the latest DevSecOps processes to verify the quality and integrity of the codes it ships: all code commits must be digitally signed by developers, and our continuous integration (CI) pipeline performs a series of checks, um To check the quality of the codes, our requirements are met, potential security gaps and code deployments are only carried out by recognized senior employees of the engineering team.

2.4. Service Resilience

Encryption backups are created daily to ensure that the most important customer data can be restored in the event of malicious or accidental loss. These backups are spread across geographically redundant zones, which significantly reduces the risk of catastrophic loss. All critical systems must be subject to constant review and monitoring of service availability and quality. Our employees are ready to remedy any loss of service.

X