🔐 Security Policy
Effective Date: April 2023
Last Updated: 11 June, 2025
At Singapore Digital Exchange Pte Ltd (SDX), we take the security of our users, platform, and data seriously. This Security Policy outlines our approach to protecting against cyber threats, unauthorized access, data breaches, and other security incidents.
We maintain a formal information security governance framework that includes:
Clearly defined security roles and responsibilities;
Regular internal audits and reviews;
Executive oversight of security controls and risk management.
We implement strict access control measures to ensure that only authorized individuals have access to sensitive systems and data:
Multi-factor authentication (MFA) for all internal and administrative users;
Role-based access restrictions;
Regular access reviews and permission audits;
Immediate revocation of access upon account termination or role change.
We take the following measures to ensure data confidentiality, integrity, and availability:
Encryption: All sensitive data is encrypted in transit (TLS 1.2+) and at rest (AES-256);
Backups: Secure, redundant backups are performed regularly;
Segmentation: Systems are segmented to isolate sensitive components from public access.
Our platform infrastructure is designed with the following protections:
Firewalls, DDoS mitigation, and intrusion detection systems (IDS);
Cloud infrastructure configured with best-practice security groups and policies;
Regular updates and patching of operating systems and software components.
To protect against application-layer vulnerabilities:
We conduct regular vulnerability assessments and penetration tests;
Source code is reviewed for security issues;
Static and dynamic analysis tools are used during development;
Secure development lifecycle (SDLC) practices are followed by our tech team.
SDX maintains a comprehensive incident response plan that includes:
24/7 monitoring and alerting systems;
Defined escalation procedures and rapid response team;
Communication protocols for notifying affected users and authorities (if applicable);
Post-incident reviews and documentation.
We assess and monitor third-party service providers to ensure they meet SDX’s security standards. This includes:
Reviewing security certifications (e.g., ISO 27001, SOC 2);
Data processing agreements and confidentiality clauses;
Regular performance and compliance evaluations.
Users are expected to:
Maintain the confidentiality of their account credentials;
Use strong, unique passwords and enable MFA;
Report suspicious activity or potential breaches immediately;
Refrain from using the platform in a manner that compromises security.
All SDX staff undergo regular training on:
Cybersecurity best practices;
Data handling procedures;
Threat recognition and reporting protocols.
SDX continuously evaluates and improves its security posture based on:
Evolving cyber threats;
Regulatory requirements;
Industry best practices and lessons learned from incidents.
To report a security issue or ask questions regarding this policy, please contact:
Security Team – Singapore Digital Exchange
Email: [email protected]
Google Authenticator and email authenticator is supported giving you the ability to set additional verification tokens over GA on your mobile phone or email account to unlock specific actions like trading or withdrawing.
A specially developed process puts another encryption layer between the client and the wallet. By using this method as well as an off-blockchain wallet approach, you are highly secured but still have options for password recovery. This unique process gives additional security to the user funds.
By using the latest state-of-the-art software available, we can mitigate risks of leaks based on immaturity of software. Continuous updates and technological advancements increases the overall resilience of Singapore Digital Exchange infrastructure.
