Platform Security: How We Protect Your Investment

Security is not optional when real money is involved. Here is how we protect every dollar on the platform. Wallet Security: Every wallet operation goes through our WalletService — a centralized ledger engine that uses database-level row locking and atomic transactions. When you invest, withdraw, or receive a payout, the operation either completes fully or rolls back entirely. No partial states, no double-spends. Every transaction creates an immutable ledger entry with a running balance snapshot. You can audit your entire transaction history at any time. Authentication: - Email verification required before withdrawals - Optional KYC verification for enhanced limits - Bcrypt password hashing with 12 rounds - Session-based authentication with CSRF protection on every form Anti-Fraud: - IP-based registration throttling (max 5 accounts per IP per 24 hours) - Withdrawal funds are locked immediately when requested — no double-spending possible during admin review - Login activity tracking for suspicious pattern detection Infrastructure: - SSL/TLS encryption for all connections - Security headers (HSTS, X-Frame-Options, CSP) - API rate limiting (10 req/min on login, 60/min authenticated) - Sensitive files (.env, database configs) blocked at both Apache and PHP levels We believe transparency builds trust. That is why every payout, commission, and fee is visible in your transaction history with exact timestamps and running balances.