Security at Cindicator

Thousands of clients trust Cindicator to automate their crypto trading

By embracing Cindicator's values and being active in engaging with our customers, our staff and our product, we enhance the security posture of our company, products, and client-facing services.

Security is embedded in our culture

Cindicator cybersecurity

Our rigorous security policies and procedures are woven into how we operate as an organization with integrity and ethics. Cindicator does not sell or rent users’ personal or sensitive data to advertisers or to other third parties that might enable advertisement delivery.

What we do for safety

Team of security specialists

Team of security specialists

They are focused on ensuring security across the company - in our product and infrastructure, as well as in all operations.

Zero trust

Zero trust principles

Cindicator adheres to the principle of least privilege in access management processes and implements zero trust principles in products and systems.

Risc management and compliance

Risk management and standards compliance

Company executives are directly involved in overseeing the security strategy.

Systematic checks

Systematic checks

We continually work to identify and fix security vulnerabilities in our product and infrastructure.

Found a security issue?

We deeply appreciate any effort to discover and coordinate the disclosure of security vulnerabilities. Unfortunately, at the moment we do not have an open bug bounty program, but we've previously had a positive experience of working with researchers.

Security attractive image

Cindicator takes all vulnerability reports very seriously and aims to rapidly respond and verify the vulnerability before taking the necessary steps to address it. After an initial reply to your disclosure (which should be directly after we receive it), we will update you periodically with our response and remediation status.

If you find a security issue in our products or services or have security concerns regarding Cindicator software or systems, please email [email protected]

To support a timely and effective response to your report, please include any of the following:

  • Steps to reproduce or proof-of-concept;
  • Indicate the impact on us;
  • Any relevant tools, including versions used;
  • Tool output.

You can hunt on our domains:

  • *.stoic.ai;
  • *.cindicator.com;
  • *.macrosentiments.com;
  • *.emergence.finance.

What we don't accept:

  • CSRF vulnerabilities for non-critical actions (logout and others);
  • Reports of missing protection mechanism / current best practices (e.g. missing CSRF token, framing/clickjacking protection) without demonstrating any real impact on user or system security;
  • Vulnerabilities such as Self-XSS without demonstrating a real impact on the security of users or systems;
  • Lack of SSL/TLS, use of insecure SSL/TLS ciphers;
  • Attacks that require extremely unlikely user interaction;
  • Denial-of-service attacks or vulnerabilities related to rate limiting;
  • Insecure cookie settings (for non-critical cookies);
  • Absence of DMARC records on subdomains;
  • Reports from vulnerability scanners and other security tools;
  • Disclosure of non-confidential information, such as product version;
  • The possibility of reverse engineering the application or the lack of binary protection;
  • CSP related reports for non-CSP domains and domain policies with insecure eval and/or insecure inline without proof of real impact.

When submitting, please use encryption with our PGP Public Key: https://cindicator.com/.well-known/publickey.txt

After receiving the report, our team will contact you in a maximum of 7 days.

When calculating the reward, we take into account the data of third-party bug bounty programs on similar findings and the impact of the found vulnerability on us.

Navigation

Follow us

mediumtwitterfacebooktelegramreddityoutube

Disclaimer

This website is operated by Cindicator Ltd. (“Cindicator”), a Gibraltar private company. You are solely responsible for compliance with all laws that may apply to you and your use of Cindicator products. Cryptocurrencies and blockchain technologies have been the subject of scrutiny by various regulatory bodies across the globe. Cindicator makes no representation regarding the application to your use of Cindicator products of any laws, including, without limitation, those relating to gaming, options, derivatives or securities. Depending on the jurisdiction, the use of Cindicator products may be restricted. You agree that Cindicator is not responsible for determining whether or which laws may apply to you and your use of Cindicator products. Cindicator may restrict the use of its products for citizens and residents of certain jurisdictions products. Please read our Terms of Use for further details.

© 2015-2024 All rights reserved.[email protected]

We use cookies on our website. By continuing to use the site, or by clicking “I agree”, you consent to the use of cookies. For more info click here.