Please read the terms and conditions of this Agreement carefully, and by either (i) your acceptance of the terms and conditions of this Agreement by selecting "Accept" where indicated when setting up your account or (ii) your initial and subsequent use of the Application, you hereby agree and accept (the "Acceptance") that Routefire’s provision of the Services will be governed by this Agreement. Note that we reserve the right to discontinue the Services in the event that you do not comply with the terms and conditions contained herein.
Providing customers with enterprise-grade solutions for cryptocurrency trading is at the heart of the Routefire mission, and we take pride in the security of our own technology as well as the help we can sometimes be to our clients.
For a complete description of our standards and how we implement them, please refer to the full policy linked below. This document discusses the sensitive data Routefire protects and selected key controls from the greater framework.
The only sensitive data stored by Routefire is customer API keys. The keys are encrypted at source and stored directly in an encrypted database on a secure server inside the Routefire network, from which they never leave. Safeguards are in place to prevent accidental leaking of information by system logs or programmer error — for example, the methods that render to the string type purposefully omit the sensitive data in the rendering. This and other techniques prevent API keys from accidental compromise, while the encryption in flight and at rest protect against intentional attempts at compromise by an attacker.
For a complete description of our standards and how we implement them, please refer to the full policy in the attachment entitled Data Security Policies and Procedures. This document discusses the sensitive data Routefire protects and selected key controls from the greater framework.
The Routefire authentication mechanism — used both in the application and the API — is based on a proven model of security. JWT tokens are provided to clients, which authorize API calls against Routefire's backend trading servers. As with all JWTs, they expire quickly and employ a sophisticated refresh scheme to ensure security while maintaining a good user experience.
Specific roles are attached to the tokens, and they are transmitted over an encrypted channel for storage safely on the user's device. This security model is largely considered best practice, and is typically used for the most security-sensitive applications.
In order to ensure the Routefire application and API keys are protected to the highest possible standard, networks and systems are continually monitored and tested. Comprehensive audit logs are maintained on all systems that contain sensitive data, and periodic penetration testing and vulnerability assessment are used to ensure the ongoing efficacy of the controls.
Furthremore, in order to prevent code with poor security from entering our codebase, Routefire has a strict policy of pull requests and code review. This helps ensure that all Routefire technology meets our stringent security standards, both now and on an ongoing basis.
If you'd like to use Routefire, or to learn more about the company, please contact us using the form below.