```                                ```             
  `+oooooo+/:-`                  `-:/+oooooo+`          
  ooooo+/+oooooo+:.`        `.:+oooooo+/+ooooo`         
 :ooo+`    `.:+oooooooooooooooooo+:.`    `+ooo:         
 oooo`         /oooooooooooooooo/         `oooo         
.ooo:       ./oooooooooooooooooooo/.       :ooo.        
-ooo.   `-/oooooooooooooooooooooooooo/-`   .ooo-        
oooooooooooooo/.  `:oooooooo:`  .:+oooooooooooo+        
oooooooooo/-`       /oooooo+       `-/oooooooooo        
oooooo+:.     `-//- +oooooo+ -//-`     .:+oooooo        
ooo/-`     .:+oooooooooooooooooooo+:.     `-/ooo        
+o     `-/ooooooooooo++++++ooooooooooo/-`     ++        
:o   :+ooooooooo/-.`        `.-/ooooooooo+:   +/        
`+/` ooooooooo-                  .+ooooooo+ `/o.        
  ./+oooooooo`      -://///-      `+oooooo+++:`         
    `-+oooooo       :oooooo/       +ooooo+:.            
       `-/ooo+.      `-//:`      .+ooo/:.               
           .:+o+:-`          `.:+o+:.                   

You like to see how things tick? We might have a place for you.


What we're doing to secure your money, account, and personal data at Shakepay.

Proof of Reserves & Security Report
Shakepay hired a security firm to perform an independent review of our internal procedures for storing funds and processing transactions.

Money security

How we keep your money safe and always accessible to you.

Cold storage

The vast majority of digital currencies held at Shakepay are stored offline in cold storage wallets. We have partnered with a cold storage provider regulated under the NYDFS who holds SOC 1 Type II and SOC 2 Type II certifications.

Insurance policy

Shakepay holds an insurance policy on the digital currencies held in cold storage. This policy covers most damages, theft, and loss of private keys.

Multi-party approvals

Multiple people are required to authorize transactions. Neither of the two founders, Jean or Roy, are able to perform withdrawals from our cold storage wallets.

Segregated accounts

Your money is held separately from ours. We hold your Canadian dollars in segregated Canadian bank accounts and your digital currencies in segregated cold storage wallets.

No fractional reserve

Your money is your money and we have no intention nor desire to use those funds in any funky ways. If we must hold them for you briefly, we tuck them in the corner of our cold storage with your name written on them.

Strict whitelisting

Transactions from our cold wallets are restricted to a whitelist. It prevents unauthorized withdrawals to any address Shakepay has not approved.

Account security

Safeguards to thwart unauthorized access to your account.

Encryption in transit

Shakepay makes use of HTTPS for all connections between app and server. Passwords are hashed and personal data is encrypted before stored.

2-factor authentication

All accounts are secured by 2FA. By default, SMS-based 2FA is enabled and we recommend upgrading to enable TOTP-based 2FA using an Authenticator app.

Device lock

Lock access to the Shakepay app with Face ID, biometric unlock, pattern, or PIN code.

Email confirmations

Confirm digital currency withdrawals by clicking on a link sent to your email. This ensures access to your account and your email address are required to perform these actions. Turn it on in your settings.

Account notifications

You receive email, SMS, or push notifications to alert you about account activity, such as transactions, logins, and password changes.

Rate limiting

Login attempts, and other interactions, are rate limited to prevent credential stuffing and brute force attacks.

Personal data security

Storing your data to prevent it from going anywhere.

Encryption at rest

Your personal data (like name and date of birth) are stored using 256-bit AES encryption. This means if someone were to access our records, the data retrieved would be illegible.

Storing documents securely

Similar to approving transactions, we employ an initiator/approver setup for sensitive data shared with Shakepay. For example, documents submitted for verification are archived after 30 days and require a trusted team member's approval for retrieval afterwards.

Compliant with privacy laws

Our policies and procedures are designed to be in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and Quebec’s An Act Respecting the Protection Of Personal Information in the Private Sector.