Security & information security

Protecting your data and keeping DeFi-MC reliably available are high priorities. This page outlines our security approach in general terms — without exposing confidential operational detail.

1. Technical and organisational measures (TOMs)

We apply industry-standard technical and organisational measures to safeguard confidentiality, integrity and availability. These include encrypted transport (HTTPS/TLS), need-to-know access controls, security event logging where appropriate, and timely updates to system components.

2. Hosting and segregation

Systems are operated or segmented where possible to limit the impact of outages or compromise. Production and non-production environments are kept meaningfully separated.

3. Encryption and secrets

Sensitive configuration and secrets are not stored in plaintext in code repositories but provided via appropriate secret management. Data between browser and platform is transmitted encrypted.

4. Availability and backups

We aim for high availability and use backups and recovery concepts appropriate to product risk. No system can guarantee absolute availability; planned maintenance is communicated where feasible.

5. Reporting vulnerabilities

If you discover a potential vulnerability, please report it responsibly through the contact channels in the legal notice or privacy policy with the subject “Security”, without public exploitation.

6. Your contribution

Strong passwords, using two-factor authentication where offered, and careful handling of API or publishing permissions materially improve your own and community security.

Note: Specific technical details may not be fully documented for security reasons.