LEGAL

Security

Our security measures and best practices for protecting your data

Last updated: January 25, 2024

Security Commitment

At PRANA, security is our top priority. We implement industry-leading security measures to protect your data, assets, and privacy. This page outlines our security practices and provides guidance on how you can help keep your account secure.

Our Security Measures

Data Encryption

  • End-to-end encryption for all data transmission
  • AES-256 encryption for data at rest
  • TLS 1.3 for secure communications
  • Encrypted database storage
  • Secure key management systems

Infrastructure Security

  • Cloud infrastructure with enterprise-grade security
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • DDoS protection and mitigation
  • 24/7 security monitoring and incident response

Access Controls

  • Multi-factor authentication for all accounts
  • Role-based access controls
  • Regular access reviews and audits
  • Principle of least privilege
  • Secure authentication protocols

Smart Contract Security

  • Comprehensive smart contract audits
  • Formal verification of critical functions
  • Bug bounty programs
  • Upgradeable contract architecture
  • Emergency pause mechanisms

Wallet Security

We never store your private keys or seed phrases. Your wallet security is entirely in your control. Here are some best practices:

Wallet Best Practices

  • Use hardware wallets for large amounts
  • Never share your private keys or seed phrases
  • Enable all available security features
  • Keep your wallet software updated
  • Use strong, unique passwords
  • Enable transaction confirmations

Supported Wallets

We support the following secure wallet providers:

  • MetaMask - Browser extension wallet
  • WalletConnect - Mobile wallet connection
  • Coinbase Wallet - Mobile and browser wallet
  • Ledger - Hardware wallet
  • Trezor - Hardware wallet

Account Security

Two-Factor Authentication (2FA)

We strongly recommend enabling 2FA for your account. Available methods include:

  • Authenticator apps (Google Authenticator, Authy)
  • SMS verification
  • Email verification
  • Hardware security keys

Password Security

  • Use strong, unique passwords
  • Enable password managers
  • Regularly update passwords
  • Never reuse passwords across platforms
  • Use a combination of letters, numbers, and symbols

Phishing Protection

Be aware of common phishing attempts and protect yourself:

How to Identify Phishing

  • Check the URL carefully - look for typos or suspicious domains
  • Be wary of urgent or threatening messages
  • Never click on suspicious links in emails or messages
  • Verify the sender's identity before responding
  • Look for spelling and grammar errors

Official Channels

Always verify you're using our official channels:

  • Website: https://prana.green
  • Discord: Official PRANA Discord server
  • Twitter: @PRANAGreen
  • Email: Always from @prana.green domain

Incident Response

In the event of a security incident, we have a comprehensive response plan:

Our Response Process

  • Immediate containment and assessment
  • User notification within 72 hours
  • Detailed investigation and analysis
  • Implementation of additional security measures
  • Post-incident review and improvements

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

Security Tips for Users

General Security

  • Keep your devices and software updated
  • Use antivirus and anti-malware software
  • Be cautious with public Wi-Fi networks
  • Regularly backup your important data
  • Monitor your accounts for suspicious activity

Web3 Security

  • Verify smart contract addresses before interacting
  • Start with small amounts for new protocols
  • Use reputable DeFi platforms
  • Be cautious of "too good to be true" offers
  • Keep your private keys offline when possible

Security Audits

We regularly conduct security audits and assessments:

  • Third-party security audits
  • Penetration testing
  • Code reviews and static analysis
  • Infrastructure security assessments
  • Compliance audits (SOC 2, ISO 27001)

Contact Security Team

For security-related questions or concerns:

⚠️ Security Notice

If you suspect your account has been compromised, immediately disconnect your wallet and contact our security team. We will help you secure your account and investigate any unauthorized activity.