Pandora Security Policy

[Last revised: 27 July 2018]

At Pandora, security is our top priority. The security team has taken a variety of steps to help ensure your data is safe and secure. Pandora Trade Limited (Pandora or i-Pandora.com) acknowledges that to properly provide a secure platform in the cryptocurrency or digital currency space, security is a continual effort. The Pandora security team works continually to combat the latest in digital threats through proactive tactics. The Pandora security team cannot disclose all defense techniques, yet we're happy to provide the following policy and guidelines.

Account Protection

  • The Pandora team will ensure all user data is encrypted through AES 256-bit encryption and sensitive user data (encrypted or not) is never to be returned to the client.

  • The security team will ensure every request on Pandora goes through a verified and secure (ORG) SSL.

  • Pandora supports passwords up to 40 characters. Use a long, unique and complex password with a mix of alphanumeric characters and symbols.

  • Pandora also supports Two-Factor Authentication (2fa) using TOTP (Time-based One Time Password) Authentication. Users can access Two-Factor Authentication as it is a free, offline service that doesn't use any third-party servers.

  • The Pandora website will automatically log every successful and failed login attempt which will be time stamped by IP address and user agent. Login authentication emails are automatically sent out and cannot be turned off.

  • To help ensure user account security, any failed login attempts will result in both an account lockout and IP ban for an extended timeframe.

  • Lockdown links are provided in every transactional email that allows the user to completely disengage all of their API keys, requires a password reset and closes out any active sessions.

  • The Pandora security team will utilize algorithms to monitor for unusual user activity. If a user account is flagged, it will immediately process an account lockdown to terminate any active sessions.

Api Key Security

  • Pandora will store API Accounts with strong encryption and will never be returned to the client under any circumstances.

  • Furthermore, API Keys are always to be stored or displayed anywhere in an encrypted format. Your browser does not ever make requests to the exchange API directly from your computer.

  • In addition, every request to i-Pandora.com is done across SSL. SSL will ensure all data transmission to/from our servers remains encrypted. This is true for your browser, as well as the mobile app. The first and only time your key or secret is submitted to our online servers, it is encrypted by SSL.

  • Many exchanges allow you to set user restrictions on your exchange API keys which limit the access they have to just the functionality you want to use on Pandora.

  • Pandora strongly recommends that you only enable the API features that you intend to use and never enable withdrawals via API.

  • It is the user's responsibility to keep both their Pandora account and their exchange accounts secure.