BitApex Security
BitApex is built with your security in mind. That’s why we use AES-256 encryption across the board, and we’re PCI DSS and ISO 27001 compliant.
Custody
Bitapex remains a non-custodial agent in all customer dealings. Bitapex does not custody any customer funds purchased on the platform and transfers assets directly to/from customer-directed wallets. If the customer does not already have a wallet, a wallet may be created for them on the Bitapex platform, but the keys are only accessible to the user and escrowed away from all Bitapex employees.
Internal Security
Bitapex employees are required to use company-provided devices that are managed through a mobile device management solution. This allows our security and IT teams to enforce security policies, deploy other endpoint protection solutions and manage devices remotely. All employees are required to use Single Sign-On and Multi-Factor Authentication to access third-party applications and services. Employees are subject to background checks prior to employment and receive training on security guidelines. Employees are held to stringent security standards and interface regularly with the Security team.
Secure Development
Bitapex employs processes and tooling to continuously deliver secure software to our cloud infrastructure and applications. All code changes go through a code review process and are subject to static application security testing (SAST) to detect insecure code patterns. All dependencies are automatically updated, and Bitapex's security team works hand in hand with engineering teams to provide assistance during the different stages of the software development lifecycle (SDLC). Bitapex engineers participate in regular security training on common vulnerabilities and secure development practices.
Payment & Customer Data
All data sent to or from Bitapex's infrastructure is encrypted in transit using Transport Layer Security (TLS) version 1.2 or later. All Bitapex data is encrypted at rest using AES-256 block-level storage encryption and stored in ISO 27001 and PCI DSS compliant data centers. Bitapex is compliant with the General Data Protection Regulation (GDPR), ensuring that all customer and employee personal information is treated with the highest level of security and in a lawful manner. All payment information is processed and stored following the strict Payment Card Industry Data Security Standard (PCI DSS).
Bug Bounty Program
As part of our commitment to security, we welcome vulnerability submissions through our bug bounty program on HackerOne. Bitapex strongly believes in the value of collaborating with the security community to continuously test and improve the security of our platform. If you have discovered a vulnerability on Bitapex, we encourage you to report it through our bug bounty program at Bitapex.
Legal terms
To review our policies and for details on our certifications, please see our Legal Terms.