SECURITY FIRST ALWAYS

🔐 Security Policy

Effective Date: April 2023
Last Updated: 11 June, 2025

At Singapore Digital Exchange Pte Ltd (SDX), we take the security of our users, platform, and data seriously. This Security Policy outlines our approach to protecting against cyber threats, unauthorized access, data breaches, and other security incidents.


1. Information Security Governance

We maintain a formal information security governance framework that includes:

  • Clearly defined security roles and responsibilities;

  • Regular internal audits and reviews;

  • Executive oversight of security controls and risk management.


2. Access Control & Authentication

We implement strict access control measures to ensure that only authorized individuals have access to sensitive systems and data:

  • Multi-factor authentication (MFA) for all internal and administrative users;

  • Role-based access restrictions;

  • Regular access reviews and permission audits;

  • Immediate revocation of access upon account termination or role change.


3. Data Protection

We take the following measures to ensure data confidentiality, integrity, and availability:

  • Encryption: All sensitive data is encrypted in transit (TLS 1.2+) and at rest (AES-256);

  • Backups: Secure, redundant backups are performed regularly;

  • Segmentation: Systems are segmented to isolate sensitive components from public access.


4. Network & Infrastructure Security

Our platform infrastructure is designed with the following protections:

  • Firewalls, DDoS mitigation, and intrusion detection systems (IDS);

  • Cloud infrastructure configured with best-practice security groups and policies;

  • Regular updates and patching of operating systems and software components.


5. Application Security

To protect against application-layer vulnerabilities:

  • We conduct regular vulnerability assessments and penetration tests;

  • Source code is reviewed for security issues;

  • Static and dynamic analysis tools are used during development;

  • Secure development lifecycle (SDLC) practices are followed by our tech team.


6. Incident Response Plan

SDX maintains a comprehensive incident response plan that includes:

  • 24/7 monitoring and alerting systems;

  • Defined escalation procedures and rapid response team;

  • Communication protocols for notifying affected users and authorities (if applicable);

  • Post-incident reviews and documentation.


7. Third-Party & Vendor Security

We assess and monitor third-party service providers to ensure they meet SDX’s security standards. This includes:

  • Reviewing security certifications (e.g., ISO 27001, SOC 2);

  • Data processing agreements and confidentiality clauses;

  • Regular performance and compliance evaluations.


8. User Responsibilities

Users are expected to:

  • Maintain the confidentiality of their account credentials;

  • Use strong, unique passwords and enable MFA;

  • Report suspicious activity or potential breaches immediately;

  • Refrain from using the platform in a manner that compromises security.


9. Security Awareness & Training

All SDX staff undergo regular training on:

  • Cybersecurity best practices;

  • Data handling procedures;

  • Threat recognition and reporting protocols.


10. Continuous Improvement

SDX continuously evaluates and improves its security posture based on:

  • Evolving cyber threats;

  • Regulatory requirements;

  • Industry best practices and lessons learned from incidents.


Contact for Security Concerns

To report a security issue or ask questions regarding this policy, please contact:

Security Team – Singapore Digital Exchange
Email: [email protected]

security

TWO/THREE FACTOR AUTHENTICATION

Google Authenticator and email authenticator is supported giving you the ability to set additional verification tokens over GA on your mobile phone or email account to unlock specific actions like trading or withdrawing.

security
security - ENCRYPTED USER ACCESS

ENCRYPTED USER ACCESS

A specially developed process puts another encryption layer between the client and the wallet. By using this method as well as an off-blockchain wallet approach, you are highly secured but still have options for password recovery. This unique process gives additional security to the user funds.

ARCHITECTURE BASED ON LATEST TECHNOLOGICAL FRAMEWORK

By using the latest state-of-the-art software available, we can mitigate risks of leaks based on immaturity of software. Continuous updates and technological advancements increases the overall resilience of Singapore Digital Exchange infrastructure.

ARCHITECTURE BASED ON LATEST TECHNOLOGICAL FRAMEWORK​