secure platform - super simple mining

Super Simple Mining's Security Policies


At Super Simple Mining, security is our top priority. We have taken a multitude of steps to help ensure your data is safe and secure. We recognize that providing a secure platform in the digital currency space requires a never-ending effort. Our security team works continuously and proactively to combat the latest cyber threats. While we cannot disclose all of our defense techniques, we're happy to provide the following policy and guidelines.



Account Protection


• All user data is encrypted with AES 256-bit encryption and sensitive user data (encrypted or not) is never returned to the client.

• Every request on Super Simple Mining goes through a verified and secure (ORG) SSL.

• Super Simple Mining supports passwords up to 40 characters. Use a long, unique and complex password with a mix of alphanumeric characters and symbols.

• Super Simple Mining also supports Two-Factor Authentication (2FA) using TOTP (Time-based One-Time Password) Authentication. This is a free, offline service that doesn't use any third-party servers.

• Super Simple Mining supports U2F (Universal Second Factor) Authentication. We support any FIDO-compatible device such as the YubiKey and Trezor to secure your account.

• Every successful and failed login attempt is logged and timestamped by IP address and user agent. Authentication e-mails are automatically sent out and cannot be turned off.

• Two-factor authentication (TOTP or U2F) is required to enable trading through your account.

• Failed login attempts will result in both an account lockout and IP ban for an extended period of time.

• Lockdown links are provided in every transactional e-mail; they allow the user to completely disengage all of their API keys, require a password reset and close out any active sessions.

• Heuristic algorithms are employed to monitor for unusual account activity; flagged activity immediately triggers an account lockdown and terminates any active sessions.




System Security


• Super Simple Mining uses a multi-tiered server architecture with complex credentials to ensure server integrity.

• Super Simple Mining never handles your funds directly. All funds remain stored in the exchange's wallets.

• All user requests are filtered and checked on the front-end and back-end for XSS, CSRF, Clickjacking and Session Impersonation attacks.

• We use only parameterized queries to the database to further prevent injection attacks.

• Super Simple Mining is hosted in Google's datacenters and our team has a combined 30 years of experience in web security and best practices.

• All servers are protected with a strong firewall, and only key team members have access.

• Systems are audited regularly and are always up to date with the latest security fixes.

• DNS-level DDoS (Distributed Denial of Service) protection is employed.

• Internal auditing and security screening are employed across all networks and instances.



Employee Security


• All employees are required to use hardware authentication devices where applicable.

• All employee accounts are restricted/compartmentalized to their specific area of knowledge.

• Sensitive information is never transmitted via insecure channels and is always encrypted with PGP.

• A strong VPN is required for all employees to access any internals.

• All third-party accounts have 2FA (Two-Factor Authentication) and in most cases require hardware authentication.

• Regular account auditing and password rotation are required.



Further Security Questions


Should you have any further questions with regards to security on Super Simple Mining, please feel free to reach out via Super Simple Mining Support. We're happy to hear from you.