Last updated: April 2026 · How we protect you and your funds
The short version: We cannot access your wallet or steal your funds. Your private key is encrypted with a key only you control. Even if our servers were completely compromised, your funds would be safe.
AES-256 Encryption
Military-grade encryption on every stored trading-wallet key. The same standard used by banks and governments.
Zero Knowledge
Your private key is encrypted before storage. We never see it in plain text — ever. Not even our developers.
Solana Native
PANTEREX runs a dedicated trading wallet for you, separate from your main wallet — fund it, export it, and walk away any time.
Rate Limited
All endpoints are rate limited. Brute force attacks and automated abuse are blocked automatically.
Full Audit Log
Every login, trade, and key access is logged with timestamp and IP. You can request your full audit trail.
Bcrypt Passwords
Passwords are hashed with bcrypt. We cannot recover your password — ever. Only you know it.
How Your Private Key Is Protected
PANTEREX generates a dedicated trading wallet for you and protects its private key. Here is exactly what happens — step by step:
Generated: A fresh wallet, just for you
→ Encrypted: AES-256 at rest
→ Stored encrypted: Never plain text
→ Bot uses key: Decrypted in memory only
→ Wiped: Deleted on account close
Important: The encryption key used to protect your private key is derived from a server-side secret that is never stored in the database. This means that even if someone stole our entire database, they could not decrypt your private key without also compromising our server environment separately.
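The separation described above, as an added Node.js example (not PANTEREX's own code): a database row holding an encrypted wallet key cannot be decrypted without the server-side secret. The page states only "AES-256" and "derived from a server-side secret"; HKDF-SHA256, GCM mode, the per-record salt, the user-id binding, and all function and field names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: the server-side secret lives outside the database (for example an
// environment variable or a KMS). This value is constructed for the demo.
const SERVER_SECRET = Buffer.from('constructed-demo-secret-not-for-production');

// Derive a per-record AES-256 key from the server secret and a random salt.
function deriveKey(serverSecret, salt, userId) {
  const info = Buffer.from(`wallet-key:${userId}`);
  return Buffer.from(crypto.hkdfSync('sha256', serverSecret, salt, info, 32));
}

// Returns only the fields that would be written to the database row.
function encryptWalletKey(serverSecret, userId, privateKey) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const key = deriveKey(serverSecret, salt, userId);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId)); // binds the ciphertext to this user
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return { userId, salt, iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the secret is wrong or any stored field was modified.
function decryptWalletKey(serverSecret, row) {
  const key = deriveKey(serverSecret, row.salt, row.userId);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, row.iv);
  decipher.setAAD(Buffer.from(row.userId));
  decipher.setAuthTag(row.tag);
  return Buffer.concat([decipher.update(row.ct), decipher.final()]);
}

// True when the row can be decrypted with the given secret.
function canDecrypt(serverSecret, row) {
  try { decryptWalletKey(serverSecret, row); return true; } catch { return false; }
}

const walletKey = crypto.randomBytes(64); // constructed stand-in for a wallet secret key
const row = encryptWalletKey(SERVER_SECRET, 'user-1001', walletKey);
console.log('server secret present:', canDecrypt(SERVER_SECRET, row));
console.log('database row only:', canDecrypt(Buffer.from('guess'), row));
console.log('row copied to another user:',
  canDecrypt(SERVER_SECRET, { ...row, userId: 'user-2002' }));
```

The same property cuts the other way: anyone who holds both the row and the server secret can decrypt, so the secret's storage and access controls carry the whole guarantee.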
What "managed wallet" means for you
PANTEREX is a managed trading wallet: we generate a dedicated Solana wallet for you and hold its key encrypted so the bot can buy and sell automatically — you don't have to approve each trade. What that means in practice:
Your main wallet is never connected — only the trading wallet PANTEREX makes for you is ever in play.
You decide how much it ever holds. Only fund what you're comfortable risking.
You can export the private key from your Account page at any time and import it into any Solana wallet.
You can withdraw everything back to your own address whenever you want.
This is a custodial design — it's what lets the bot trade 24/7 while you sleep. The trade-off is trust: you're trusting PANTEREX to hold the trading wallet's key. We encrypt it at rest, never show it in plain text, and let you take it and leave at any moment.
Platform Security Measures
✓ HTTPS everywhere — All data is encrypted in transit using TLS 1.3. HTTP connections are redirected automatically.
✓ Security headers — Strict Content Security Policy, X-Frame-Options, and XSS protection headers on every response.
✓ Rate limiting — Login attempts are limited to 5 per 15 minutes per IP. Accounts lock automatically after repeated failures.
✓ Input sanitisation — All user input is validated and sanitised to prevent SQL injection and XSS attacks.
✓ CSRF protection — Cross-site request forgery tokens on all state-changing requests.
✓ Audit logging — Every login, failed attempt, key access, and trade is logged with IP and timestamp.
✓ Bcrypt password hashing — Passwords are hashed with a work factor of 12. We cannot recover your password.
✓ Session expiry — Sessions expire automatically, and any login from a new device or location is re-verified via Telegram.
✓ Telegram 2FA — Live — New-device and new-location logins are verified with a one-time code sent to your linked Telegram, plus an instant "lock my account" alert. Authenticator-app (TOTP) 2FA is also supported.
⚡ Third-party security audit — Planned — Independent penetration testing scheduled before public launch.
🚨 What Happens If We Get Hacked
We take this scenario seriously and have planned for it. If a breach is detected:
All active sessions are immediately invalidated
All users are notified by email within 72 hours (GDPR requirement)
The ICO (UK data regulator) is notified within 72 hours if personal data is affected
A full incident report is published publicly
Encrypted private keys in the database cannot be decrypted without the server-side secret — they are useless to an attacker without simultaneous server access
🐛 Report a Vulnerability
If you discover a security vulnerability in PANTEREX, please report it responsibly. Do not post it publicly. Email us at legal@panterex.com with full details. We will respond within 48 hours and credit you publicly if you wish.
We do not currently have a formal bug bounty programme but we will reward significant findings at our discretion.