👮♂️Security
How Starbot uses and protects your data
💡 By data, we mean: Inputted wallet information such as private key, your wallet name, wallet address. User data such as custom settings, and username. Required session information, such as "you last clicked buy" or "waiting for user to enter a wallet name".
🕵️♂️ Data classification: All stored data is classed as restricted (as opposed to classified). That means it's subject to encryption at rest and in transit, as well as tight access control.
🔑 Data at rest: Wallet private keys are encrypted and stored at rest. The service has its own unique authentication key to encrypt/decrypt such that if anyone were able to access the database data, it would not result in a compromise of wallet data. This data is not emitted to logs.
🚚 Data in transit: We use SSL connections where data is transmitted: Database, Telegram API, RPC nodes. Wallet private keys are only ever sent back/forth to the database (The initial wallet generation private key is sent through Telegram, and we encourage the user to delete the one message that contains this private key)
🖥️ Access control: We restrict access to service servers and databases to only the developers that need access. Data is not easily accessible: Devs have no direct access to the service authentication key, therefore they cannot access wallet private keys directly.
Last updated