How ShapeShift is Keeping Your Data Safe

By Michael Perklin, Chief Security Officer at ShapeShift

ShapeShift
Sep 4, 2018 · 2 min read

ShapeShift Membership offers a variety of exciting, exclusive benefits. However, membership requires the verification of basic customer information.

This changed the way ShapeShift that handles data. Now that we have to collect and store your information, we still need to do everything possible to keep it safe.

To inform our design decisions, we asked the question — “What can hackers do if they break into our systems?” In the interest of transparency, here’s how we’re handling your data with ShapeShift Membership.

  • The Membership Platform collects your information and immediately encrypts it with a 4096-bit RSA key using the widely-used open-source GPG software.
  • This encrypted data is stored in our database and — in most cases — never used again. Once it’s collected, we don’t need to reference it for any business reason.
  • If you run into a problem and contact customer support — for example, for help — they don’t see your name or details by default, allowing them to focus on your problem rather than your identity.

There are only a few cases we need to use your identity information

  • In this case, our customer support agents will download your encrypted data to their machine and use a cold storage device containing the private key to decrypt your info. This is managed on a case-by-case basis, preventing wholesale access to customer information by an employee at the company.
  • The other example would be if we are legally compelled to do so by a valid subpoena or similar document.

Because ShapeShift’s servers never have the decryption key to the personal information (it’s held in cold storage), if an attacker breaches the servers and copies the entire database, they won’t be able to see or access your information. If one of our cold storage devices is lost or stolen, it is configured to wipe itself under certain circumstances.

In this way, we’ve followed best practices in the storage of your data.


Originally published at https://info.shapeshift.io on September 4, 2018.

ShapeShift Stories

ShapeShift Stories: Sharing cryptocurrency education, news, and inspiration.

ShapeShift

Written by

Explore the new frontier in crypto management: shapeshift.com

ShapeShift Stories

ShapeShift Stories: Sharing cryptocurrency education, news, and inspiration.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade