How we handle privacy at OVALE.io
OVALE.io is a desktop trading client for the biggest cryptocurrency exchanges.
Privacy is an important matter. Especially in the information age we live in. Fake news, twitter bots, phishing, if these words seem familiar to you then you are probably aware of this matter.
At OVALE, we believe that our users should have control over their data. Software should enable people to protect their privacy, not the opposite.
Transparency is the first step towards a better privacy model for technology companies. In this post, we will explore how we handle our users’ data.
The information we require
- An email address
- A password
- A set of cryptocurrency exchanges API Keys
The OVALE Trading client pulls user’s data from their cryptocurrency exchanges accounts. First a user has to set up the API keys corresponding to the accounts they want to connect to. Then OVALE aggregates the data, does the dirty cleaning, and displays the information in a human-readable way to the user.
The User’s API keys are never sent to our servers. The keys are stored locally on the user’s hard drive and are encrypted with their account password.
We have followed the industry’s best practices for our cryptography implementation. Sensitive information is protected using the AES-256 algorithm.
When a user first opens our app, they are asked to create an account. We currently use accounts to manage subscriptions.
In the future, some features will enable our users to save their encrypted trading data on our servers. These features will always be opt-in and will never be forced upon users.
We currently do not track our users. In the future, we might enable this as an opt-in option to better understand app usage. Analytics will always be anonymized.
We would love to hear your thoughts about how we can improve OVALE’s security model. Please get in touch at firstname.lastname@example.org.