Security Policy

    Effective Date: September 21, 2025

    Our Commitment to Security

    At ZyraCapital, we understand that trust is earned through transparency and action. This Security Policy outlines the comprehensive measures we take to protect your accounts, funds, and personal information.

    Security Framework

    At ZyraCapital, security is our top priority. We employ industry-leading practices to protect user accounts, funds, and data.

    Our multi-layered security architecture is designed to prevent unauthorized access and ensure the integrity of all platform operations.

    We continuously monitor, audit, and improve our security measures to stay ahead of emerging threats.

    All sensitive data is encrypted both in transit (using TLS 1.3) and at rest (using AES-256 encryption).

    Personal information, including KYC documents, is stored in secure, encrypted databases with restricted access.

    We never store plaintext passwords. All credentials are hashed using industry-standard algorithms (bcrypt/Argon2).

    Regular security audits ensure our encryption standards remain up-to-date.

    The majority of user funds are held in cold storage wallets, which are offline and not accessible via the internet.

    Hot wallets used for daily operations are limited to minimal balances and monitored 24/7.

    Multi-signature authentication is required for any significant fund movements.

    Regular reconciliation processes ensure fund integrity and detect any discrepancies.

    We strongly recommend enabling Two-Factor Authentication (2FA) for all accounts.

    Supported 2FA methods include authenticator apps (Google Authenticator, Authy).

    Session management ensures inactive sessions are automatically logged out.

    Our security team monitors all platform activity 24/7 for suspicious behavior.

    Automated systems detect and block common attack vectors including DDoS, brute force, and SQL injection attempts.

    Unusual withdrawal patterns or login attempts trigger immediate alerts and additional verification requirements.

    We maintain detailed audit logs of all sensitive operations for forensic analysis if needed.

    We conduct regular third-party security audits to identify and address vulnerabilities.

    Penetration testing is performed quarterly by certified ethical hackers.

    Code reviews and security testing are mandatory before deploying any new features.

    Vulnerability disclosure programs allow security researchers to report issues responsibly.

    View our SOC 2 Compliance

    We maintain a comprehensive incident response plan for security breaches or system failures.

    In the event of a security incident, affected users are notified promptly via email and platform notifications.

    Regular backups ensure data can be restored in case of system compromise.

    Our team is trained to respond quickly to contain, investigate, and resolve security incidents.

    Users must keep their login credentials confidential and never share them with third parties.

    Enable Two-Factor Authentication (2FA) to add an extra layer of account security.

    Be cautious of phishing attempts. ZyraCapital will never ask for your password via email or social media.

    Report any suspicious activity or security concerns immediately to our support team.

    Use strong, unique passwords and update them regularly.

    ⚠️ Stay Vigilant

    While we implement robust security measures, users must also take responsibility for protecting their accounts. Enable 2FA, use strong passwords, and be wary of phishing attempts. If something seems suspicious, contact our support team immediately.

    ✅ Acknowledgment

    By using ZyraCapital, you acknowledge that you have read and understood our security practices and agree to follow recommended security guidelines.