Security & Privacy

Ainexa is built with security as a core principle. Your assets and data are protected through multiple layers of authentication, encryption, and safe transaction practices.

Authentication Methods

Google Login

• OAuth 2.0 Integration: Industry-standard secure authentication
• No Password Storage: Ainexa never stores your Google password
• Quick Access: One-click sign in with existing Google account
• 2FA Support: Inherits your Google account's security settings

Passkey Authentication

Modern passwordless authentication using your device's biometrics:

• Biometric Verification: Fingerprint, Face ID, or device PIN
• Device-Bound: Passkeys are tied to your specific device
• Phishing Resistant: Cannot be tricked by fake login pages
• Cross-Platform: Works across devices via iCloud/Google sync

Setting Up Passkeys:

1. Go to Security settings
2. Click "Add Passkey"
3. Authenticate with your device biometric
4. Passkey is registered for future logins

Email OTP

Backup authentication using one-time passwords:

• Email Delivery: Codes sent to your registered email
• Time-Limited: Codes expire after 10 minutes
• Single Use: Each code can only be used once
• Fallback Option: Works when other methods unavailable

Transaction Security

Approval Flow

Every transaction requires explicit user approval:

1. Request: You initiate an action (swap, send, stake)
2. Preview: Full transaction details displayed
3. Review: Check amounts, addresses, fees
4. Approve: Explicit confirmation required
5. Execute: Transaction submitted only after approval

Transaction Previews

Before any transaction, you'll see:

• Action Type: What operation will occur
• Amounts: Exact token amounts involved
• Addresses: Full recipient addresses
• Fees: Estimated gas/network fees
• Warnings: Alerts for unusual conditions

Safety Checks

The AI performs automatic checks:

• Address Validation: Confirms valid blockchain addresses
• Balance Verification: Ensures sufficient funds
• Approval Status: Checks token allowances
• Slippage Protection: Warns about high price impact
• Suspicious Activity: Flags unusual patterns

Passkey Transaction Signing (Coming Soon)

Enhanced security for high-value transactions:

• Require biometric confirmation for transactions above threshold
• Per-transaction passkey verification
• Additional layer beyond standard approval

Privacy & Data Protection

Encryption

• In Transit: All data encrypted using TLS 1.3
• At Rest: Sensitive data encrypted in storage
• Key Management: Industry-standard key handling

GDPR Compliance

Your data rights:

• Access: Request a copy of your data
• Correction: Update incorrect information
• Deletion: Request account and data removal
• Portability: Export your data

Data Minimization

We collect only what's necessary:

• No unnecessary personal information
• Transaction data for service operation
• Preferences for personalization

What We Don't Store

• Private keys (you maintain custody)
• Seed phrases
• Passwords (using OAuth/Passkeys)

Account Security Best Practices

Recommended Setup

1. Enable Multiple Auth Methods: Use both passkey and Google login
2. Secure Your Email: Strong password + 2FA on email account
3. Use Unique Email: Consider dedicated email for crypto services
4. Regular Review: Check connected apps and sessions periodically

Warning Signs

Be alert to:

• Unexpected login notifications
• Transactions you didn't initiate
• Requests for seed phrases (never legitimate)
• Messages claiming to be "Ainexa support" via DM

If Compromised

1. Immediately: Revoke all sessions in security settings
2. Change: Update authentication on linked accounts
3. Review: Check recent transactions
4. Contact: Reach out to official support channels
5. Secure: Transfer assets to new wallet if necessary

Security Features Summary

Reporting Security Issues

Found a vulnerability? Contact us through official channels:

• Do not disclose publicly before resolution
• Provide detailed reproduction steps
• We appreciate responsible disclosure