Secure Transactions

Every transaction on CoinDuffle is protected by industry-leading security measures. From the moment you enter your payment details to the final confirmation of your order, multiple layers of security work together to keep your information safe.

Payment Security with Stripe

CoinDuffle partners with Stripe for all payment processing. Stripe is one of the world's most trusted payment platforms, processing hundreds of billions of dollars annually for businesses of all sizes.

PCI DSS Compliance

Stripe is certified as a PCI Level 1 Service Provider, the highest level of certification in the payment card industry. This means:

• Stripe meets or exceeds all requirements of the Payment Card Industry Data Security Standard (PCI DSS).
• Regular audits by independent security assessors verify compliance.
• Your card data is handled according to the strictest security standards in the industry.

How Your Card Data Is Protected

When you enter your payment information on CoinDuffle:

1. Your card details go directly to Stripe — CoinDuffle's servers never see or store your full card number, expiration date, or CVC code.
2. Tokenization — Stripe replaces your card details with a unique token. CoinDuffle only stores this token, which is useless if intercepted.
3. Encrypted storage — Stripe encrypts all sensitive data at rest using AES-256 encryption.
4. Secure transmission — Card data is transmitted using TLS (Transport Layer Security) encryption.

In simple terms: your card number never touches CoinDuffle's systems. It goes directly from your browser to Stripe's secure servers.

HTTPS and Encryption

All Traffic Is Encrypted

Every page on CoinDuffle is served over HTTPS (Hypertext Transfer Protocol Secure). This means:

• All data sent between your browser and CoinDuffle is encrypted using TLS (Transport Layer Security).
• No one can intercept or read the data in transit — not your ISP, not anyone on the same Wi-Fi network, and not any intermediary.
• You can verify this by looking for the padlock icon in your browser's address bar.

What's Encrypted

• Login credentials (email and password)
• Payment information
• Personal information (name, address, phone)
• Order details
• Search queries and browsing activity on the site

Data Protection

Secure Infrastructure

CoinDuffle's infrastructure is hosted on modern cloud platforms with enterprise-grade security:

• Network security — Firewalls, intrusion detection systems, and DDoS protection guard against attacks.
• Access controls — Strict access controls limit who can access production systems and customer data.
• Regular security updates — Our systems are kept up to date with the latest security patches.
• Monitoring — 24/7 monitoring detects and alerts on any unusual activity.

Password Security

Your CoinDuffle password is protected by:

• Hashing — Passwords are stored as cryptographic hashes, not in plain text. Even if someone were to access our database, they couldn't read your password.
• Salting — Each password hash includes a unique salt, making it resistant to pre-computed attacks.
• Rate limiting — Multiple failed login attempts trigger rate limiting and temporary lockouts to prevent brute-force attacks.

Fraud Detection Integration

CoinDuffle's security goes beyond just encrypting data. Our fraud detection systems work alongside payment security to:

• Analyze transactions in real time for suspicious patterns
• Verify that billing addresses match card issuer records
• Apply device fingerprinting to identify potentially fraudulent actors
• Flag unusual purchasing patterns for review

For more details, see Fraud Prevention.

What You Can Do

While CoinDuffle implements robust security on our end, you play an important role in keeping your transactions secure:

Use Secure Networks

• Avoid public Wi-Fi for making purchases. If you must use public Wi-Fi, use a VPN to encrypt your connection.
• Use your home network or your mobile carrier's data connection for the most secure experience.

Keep Your Devices Secure

• Keep your browser updated — Browser updates include important security patches.
• Use antivirus software — Protect against malware that could steal your credentials.
• Don't save passwords in your browser on shared devices.

Verify the Site

Before entering any sensitive information:

• Check the URL — Make sure you're on coinduffle.com (or the appropriate domain) and not a look-alike phishing site.
• Look for the padlock — Verify that the HTTPS padlock icon is showing in your browser's address bar.
• Don't click links in suspicious emails — If you receive an email asking you to log in or verify your account, navigate to CoinDuffle directly by typing the URL instead of clicking the email link.

Monitor Your Accounts

• Review your order history on CoinDuffle periodically.
• Check your bank and credit card statements for unauthorized charges.
• Report anything suspicious to CoinDuffle support and your financial institution immediately.

Our Commitment

CoinDuffle is committed to maintaining the highest standards of transaction security. We continuously invest in our security infrastructure, stay current with industry best practices, and work with leading security partners to ensure your financial information is always protected.

If you have any security concerns or questions, don't hesitate to contact our support team at support@coinduffle.com.