Security Policy

JP finance ("Company") operates the following security measures to protect user assets and personal information.

1. Encryption and Communications

• SSL/TLS: All communications with the website are encrypted. Prevents eavesdropping and tampering during transmission.
• Password protection: Passwords are stored using one-way hash. Plain-text passwords are not stored.
• Data encryption: Sensitive personal and financial data is encrypted in storage.

2. Collateral Custody

• Cold wallet: Most collateral is held in offline cold storage, minimizing hacking risk.
• Hot wallet minimized: Only the minimum required for deposits/withdrawals is kept in hot wallets; excess is regularly moved to cold storage.
• Multi-signature: Major asset movements may require multi-signature approval.

3. Access Control

• Least privilege: Access to systems and assets is restricted to the minimum necessary personnel.
• Access logs: Admin and critical system access is logged and reviewed periodically.
• 2FA: Two-factor authentication applied to admin accounts and key systems.

4. Infrastructure Security

• Security software: Antivirus, firewall, intrusion detection, etc.
• Regular audits: System checks and vulnerability scans performed periodically.
• Patch management: Security updates applied promptly.

5. Privacy Protection

See our Privacy Policy for personal data handling. We encrypt data, limit access, and maintain connection logs to protect your information.

6. Incident Response

• In case of security incident or data breach, we notify users promptly as required by law.
• We analyze causes, assess impact, and implement measures to prevent recurrence.
• We report to authorities when necessary and work with users to minimize harm.

7. User Security Guidelines

Please help keep your account secure:

• Do not share your password. Use a strong password (6+ characters).
• Verify deposit addresses. Consider a small test transfer first.
• Use only the specified networks (BTC, ERC-20, XRP, etc.).
• Do not enter personal information on suspicious emails, messages, or links.

8. Policy Updates

This policy may be revised due to technical or environmental changes. Revisions are announced at least 7 days before the effective date.

Effective: January 1, 2026