Security & Trust

Security is product design, not a paragraph in the footer.

KrptoPay protects wallet and marketplace activity with server-side access control, hardened HTTP responses, fixed money-movement rules, and escrow on every order. Here is how that works in practice.

01

Server-enforced access control

Protected pages and APIs verify your session on the server for every request. The admin area is isolated and requires an administrator account, so access is never decided in the browser alone.

Enforced
02

Sign-in protection

Passwords are stored only as salted one-way hashes, never in plain text. Sign-in runs a bot challenge, and a disabled account is rejected even if it still holds a valid session token.

Enforced
03

Browser and transport hardening

Traffic is served over HTTPS. Each response sets a Content Security Policy, clickjacking protection, MIME-sniffing protection, a strict referrer policy, and a restrictive permissions policy — headers you can verify yourself.

Enforced
04

Money-movement rules

Deposits, withdrawals, exchange, and status changes follow a fixed lifecycle. Balances change only at the correct step, and an approval is processed once even if it is retried, so funds are not double-counted.

Enforced
05

Marketplace escrow and order controls

Buyer funds are held in escrow and released to the seller only after the order is completed or a dispute is resolved. Selling is gated behind identity verification and profile approval.

Enforced
06

Identity verification and data boundaries

KYC documents are stored in private storage outside the public web root and streamed only to the owner or an authorized administrator. Public pages expose only approved public fields.

Enforced
Responsible disclosure

Found a security issue? Tell us.

If you believe you have found a vulnerability or an active security incident, email support@krptopay.com with steps to reproduce and the affected area. We review every report and support good-faith research that respects user privacy and avoids service disruption.