Defence in depth
Security at Zeongrow is layered. No single control catches every threat, so we combine encryption, permission boundaries, monitoring and human review.
What Zeongrow controls
- API keys stored encrypted at rest using AES-256 and rotated on key events such as password change.
- TLS 1.3 enforced for every connection between your browser and our servers.
- All bot servers run in hardened, isolated environments with restricted inbound networks.
- Login activity is scored continuously; impossible-travel and suspicious-device flags trigger additional verification.
- Administrative access requires hardware-key based multi-factor authentication.
What your exchange controls
- Custody of your coins.
- The withdrawal permission on the API key — set this to off.
- The list of IP addresses that may use the API key.
- Two-factor authentication on withdrawals from the exchange itself.
What you control
- Your Zeongrow password and two-factor method.
- Whether to enable session locking on inactivity.
- Whether to keep withdrawal permissions disabled (recommended).
- Notification preferences for every bot event.
Security incident response
If you ever suspect your account or your API key has been compromised, the immediate step is to revoke the API key on the exchange. That single action stops any further orders. Then change your Zeongrow password, regenerate two-factor recovery codes and email us at [email protected] so we can review the audit log with you.
Phishing & social engineering
We will never call you to ask for your password, trading PIN or two-factor codes. Treat any such request as a scam, even if the caller seems to know personal details. When in doubt, hang up and write to us instead.