``` ``` `+oooooo+/:-` `-:/+oooooo+` ooooo+/+oooooo+:.` `.:+oooooo+/+ooooo` :ooo+` `.:+oooooooooooooooooo+:.` `+ooo: oooo` /oooooooooooooooo/ `oooo .ooo: ./oooooooooooooooooooo/. :ooo. -ooo. `-/oooooooooooooooooooooooooo/-` .ooo- /ooo..:+oooooooooooooooooooooooooooooooo+:..ooo/ +oooooooooooooooooooooooooooooooooooooooooooooo+ oooooooooooooo/. `:oooooooo:` .:+oooooooooooo+ oooooooooo/-` /oooooo+ `-/oooooooooo oooooo+:. `-//- +oooooo+ -//-` .:+oooooo ooo/-` .:+oooooooooooooooooooo+:. `-/ooo +o `-/ooooooooooo++++++ooooooooooo/-` ++ :o :+ooooooooo/-.` `.-/ooooooooo+: +/ `+/` ooooooooo- .+ooooooo+ `/o. ./+oooooooo` -://///- `+oooooo+++:` `-+oooooo :oooooo/ +ooooo+:. `-/ooo+. `-//:` .+ooo/:. .:+o+:-` `.:+o+:. .-/++++////++++/-. `````` You like to see how things tick? We might have a place for you. https://angel.co/shakepay/jobs
The vast majority of digital currencies held at Shakepay are stored offline in cold storage wallets. We have partnered with a cold storage provider regulated under the NYDFS who holds SOC 1 Type II and SOC 2 Type II certifications.
Shakepay holds an insurance policy on the digital currencies held in cold storage. This policy covers most damages, theft, and loss of private keys. We intend on continuing to increase our policy to cover all digital currencies held in cold storage, as required.
Multiple people are required to authorize transactions. Neither of the two founders, Jean or Roy, are able to perform withdrawals from our cold storage wallets.
Your money is held separately from ours. We hold your Canadian dollars in segregated Canadian bank accounts and your digital currencies in segregated cold storage wallets.
No fractional reserve
Your money is your money and we have no intention nor desire to use those funds in any funky ways. If we must hold them for you briefly, we tuck them in the corner of our cold storage with your name written on them.
Transactions from our cold wallets are restricted to a whitelist. It prevents unauthorized withdrawals to any address Shakepay has not approved.
Encryption in transit
Shakepay makes use of HTTPS for all connections between app and server. Passwords are hashed and personal data is encrypted before stored.
All accounts are secured by 2FA. By default, SMS-based 2FA is enabled and we recommend upgrading to enable TOTP-based 2FA using an Authenticator app.
Lock access to the Shakepay app with Face ID, biometric unlock, pattern, or PIN code.
Confirm digital currency withdrawals by clicking on a link sent to your email. This ensures access to your account and your email address are required to perform these actions. Turn it on in your settings.
You receive email, SMS, or push notifications to alert you about account activity, such as transactions, logins, and password changes.
Login attempts, and other interactions, are rate limited to prevent credential stuffing and brute force attacks.
Encryption at rest
Your personal data (like name and date of birth) are stored using 256-bit AES encryption. This means if someone were to access our records, the data retrieved would be illegible.
Storing documents securely
Similar to approving transactions, we employ an initiator/approver setup for sensitive data shared with Shakepay. For example, documents submitted for verification are archived after 30 days and require a manager's approval for retrieval afterwards.
Compliant with privacy laws
Our policies and procedures are designed to be in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and Quebec’s An Act Respecting the Protection Of Personal Information in the Private Sector.