Security Practices
We follow best practices for securing data
Last Updated: August 5, 2025
Effective Date: August 5, 2025
At Badger+, we take security seriously and implement industry-leading practices to protect our users and their data. Below is an overview of our core security measures:
1. Data Encryption
In Transit: All data is encrypted using TLS 1.3+ to ensure privacy and integrity between your device and our servers.
At Rest: Sensitive data is encrypted at rest using strong, industry-standard algorithms.
2. Wallet & Key Security
Non-custodial by Design: We never store your private keys or seed phrases. All wallet operations are performed client-side.
Secure Wallet Integrations: We support only reputable wallet providers and regularly review integration code for vulnerabilities.
No Blind Signing: We discourage and warn against blind signing of transactions, and display clear transaction details before user approval.
3. Regular Security Audits
We conduct regular internal and external security audits to identify and remediate vulnerabilities.
All critical code and infrastructure changes are reviewed for security impact.
4. OWASP Top 10 Alignment
Our development process is guided by the OWASP Top 10 (an awareness list of the most common web application risks, not a certification) so that each release is reviewed against those risk categories.
5. Automated Dependency Scanning
We use automated tools to continuously scan for vulnerabilities in third-party libraries and dependencies.
Scans run in our CI/CD pipeline, and dependencies with known vulnerabilities are patched promptly.
6. Rate Limiting
All API endpoints are protected by rate limiting to prevent abuse and mitigate denial-of-service attacks.
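The following is an added illustration of the per-client rate limiting described above; it is example code written for this page, not Badger+'s own implementation. It shows a token-bucket limiter (burst capacity plus a sustained refill rate) with an injectable clock, and a client-key helper that only honours X-Forwarded-For when the request arrived through a trusted proxy, since otherwise a client can pick its own bucket. The `req` shape (`userId`, `headers`, `remoteAddress`) and the address 203.0.113.7 are constructed for the demo.

```javascript
// Added example (not Badger+'s code): per-client token-bucket rate limiter.
// `capacity` is the burst allowance, `refillPerSec` the sustained rate.
// The clock is injected so behaviour is deterministic and testable.
class TokenBucketLimiter {
  constructor({ capacity, refillPerSec, now = () => Date.now() }) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.now = now;
    this.buckets = new Map(); // clientKey -> { tokens, last }
  }

  // Returns { allowed, remaining, retryAfterMs } for one request.
  check(clientKey) {
    const t = this.now();
    let b = this.buckets.get(clientKey);
    if (!b) {
      b = { tokens: this.capacity, last: t };
      this.buckets.set(clientKey, b);
    }
    // Refill in proportion to elapsed time, never above capacity.
    const elapsedSec = Math.max(0, (t - b.last) / 1000);
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
    b.last = t;

    if (b.tokens >= 1) {
      b.tokens -= 1;
      return { allowed: true, remaining: Math.floor(b.tokens), retryAfterMs: 0 };
    }
    // Tell the client when one whole token will be available again.
    const deficit = 1 - b.tokens;
    const retryAfterMs = Math.ceil((deficit / this.refillPerSec) * 1000);
    return { allowed: false, remaining: 0, retryAfterMs };
  }
}

// Key on the authenticated user when there is one, otherwise on client IP.
// X-Forwarded-For is attacker-controlled unless a trusted proxy set it, so it
// is only used when `trustedProxy` is true. (`req` shape is assumed here.)
function clientKey(req, trustedProxy) {
  if (req.userId) return `user:${req.userId}`;
  const xff = req.headers['x-forwarded-for'];
  if (trustedProxy && xff) return `ip:${xff.split(',')[0].trim()}`;
  return `ip:${req.remoteAddress}`;
}

// Constructed scenario: 5-request burst, 1 request/second sustained.
// Seven rapid requests, then three more after a two-second pause.
function simulate() {
  let clock = 0;
  const limiter = new TokenBucketLimiter({ capacity: 5, refillPerSec: 1, now: () => clock });
  const key = clientKey({ headers: {}, remoteAddress: '203.0.113.7' }, false);
  const results = [];
  for (let i = 0; i < 7; i++) results.push(limiter.check(key).allowed);
  clock += 2000; // two tokens refilled
  for (let i = 0; i < 3; i++) results.push(limiter.check(key).allowed);
  return results; // five allowed, two denied, two allowed, one denied
}
```

In production the bucket store would live in a shared cache rather than an in-process Map so that all API instances see the same counts, and the `retryAfterMs` value maps directly onto a `Retry-After` header on the 429 response.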
7. CSRF Protection
State-changing operations are protected by CSRF (Cross-Site Request Forgery) tokens to prevent unauthorized actions.
8. XSS Prevention
User-generated content is sanitized using DOMPurify and other best-in-class libraries to prevent Cross-Site Scripting (XSS) attacks.
9. JWT Authentication & Secure Key Management
We use signed JWTs (JSON Web Tokens) for authentication, with secure, regularly rotated signing keys.
Keys are managed using best practices and never exposed in client-side code.
10. Bug Bounty & Responsible Disclosure
We encourage responsible disclosure of security vulnerabilities. Please see our security.txt for contact details.
Contact & Reporting
If you discover a vulnerability or have a security concern, please contact us at [email protected]. For sensitive reports, use our public PGP key to encrypt your message. For more details, see our security.txt.