📝 How iCashy Protects Your Money & Data

<article lang="en" dir="ltr">

<h1>How iCashy Protects Your Money &amp; Data</h1>

<p>When you deposit real money — whether in Syrian Pounds (SYP), US Dollars (USD), or Tether (USDT) — you deserve to know exactly how that money is kept safe. iCashy was built from day one with a security-first mindset. This guide walks you through every layer of protection that stands between your funds and anyone who might try to reach them without your permission.</p>

<h2>1. Bank-Grade Encryption in Transit and at Rest</h2>

<p>Every connection between your browser or device and iCashy servers is protected by TLS 1.3, the same encryption standard used by global banks and payment processors. This means your login credentials, deposit amounts, and personal details are scrambled before they ever leave your device. Even if someone intercepted the data stream, they would see nothing but meaningless ciphertext.</p>

<p>Sensitive data at rest — including wallet balances, transaction records, and identity information — is stored in encrypted columns inside our Supabase Postgres 17 database. Encryption keys are managed through Supabase Vault and are never co-located with the data they protect.</p>

<h2>2. Server-Side Financial Logic — No Client-Side Cheating</h2>

<p>One of the most common attack vectors in online platforms is manipulating client-side code to forge balances or bypass validation. iCashy eliminates this risk entirely by running <strong>all financial operations through server-side RPC functions</strong> with the <code>SECURITY DEFINER</code> attribute. This means:</p>

<ul>

<li>Your balance is <strong>never calculated in the browser</strong> — it is always read from a signed, server-verified source.</li>

<li>Deposits, withdrawals, bets, and referral credits can only be triggered through authenticated backend functions — never via direct database writes from the frontend.</li>

<li>Row-Level Security (RLS) policies ensure that each user can only ever read or modify their own records.</li>

</ul>

<h2>3. Secure Deposit Channels</h2>

<p>iCashy supports three deposit methods, each verified through a dedicated workflow:</p>

<ul>

<li><strong>Syriatel Cash</strong> — Transfers are cross-checked against operator logs via our automated n8n verification pipeline. A deposit is credited only after the transaction reference is confirmed on the operator side.</li>

<li><strong>Sham Cash</strong> — Our Python-based ShamCash monitor running on a dedicated VPS continuously polls for incoming transfers and matches them to pending deposit requests before crediting any balance.</li>

<li><strong>USDT (Tether)</strong> — On-chain transaction hashes are verified against the public blockchain before any credit is applied. There is no way to fake a blockchain receipt.</li>

</ul>

<p>Every deposit attempt is logged with a timestamp, amount, method, and verification status. Suspicious patterns — such as duplicate reference numbers or mismatched amounts — trigger an automatic hold pending manual review.</p>

<h2>4. Withdrawal Verification</h2>

<p>Withdrawals go through a <strong>multi-step verification process</strong> before funds leave the platform:</p>

<ol>

<li>Your withdrawal request is logged and assigned a unique reference.</li>

<li>Our automated withdrawal verifier checks your available balance, any active wagering requirements, and account standing.</li>

<li>The request is queued for processing — for larger amounts, an additional manual review layer applies.</li>

<li>Once approved, funds are dispatched to the exact wallet or phone number on file for your account. Withdrawals are <em>never</em> sent to a different destination without a verified account change request.</li>

</ol>

<h2>5. Anti-Fraud Measures</h2>

<p>iCashy runs continuous fraud detection across multiple vectors:</p>

<ul>

<li><strong>Referral abuse prevention:</strong> A 7-day lock period applies to referred users before any referral bonus is paid out. Accounts showing coordinated self-referral patterns are flagged automatically.</li>

<li><strong>Duplicate account detection:</strong> Our system checks device fingerprints, phone numbers, and payment methods to identify users attempting to create multiple accounts.</li>

<li><strong>Velocity limits:</strong> Unusual spikes in withdrawal requests, prediction entries, or deposit attempts trigger rate-limiting and automatic review.</li>

<li><strong>Admin audit trail:</strong> Every privileged action — balance adjustments, account suspensions, promotion grants — is logged with the operator identity and timestamp, creating a full audit trail.</li>

</ul>

<h2>6. Account Security &amp; Authentication</h2>

<p>Your iCashy account is protected by Supabase Auth, which uses industry-standard JWT tokens with short expiry windows. Tokens are refreshed automatically during active sessions and invalidated immediately on logout. Password policies require a combination of character types, and we enforce minimum length standards.</p>

<p>We strongly recommend using a unique, strong password for your iCashy account and not sharing it with anyone. Our support team will <strong>never</strong> ask for your password.</p>

<h2>7. Data Privacy</h2>

<p>iCashy collects only the data necessary to operate the platform and comply with applicable regulations. Your personal information is never sold to third parties. Transaction data is retained for audit purposes in accordance with financial record-keeping requirements. You may request a summary of your data at any time through our <a href="/support">support channel</a>.</p>

<h2>8. Infrastructure Security</h2>

<p>The iCashy backend runs on Supabase infrastructure with automated backups, point-in-time recovery, and 24/7 monitoring. Our Python tooling operates on a hardened VPS with restricted SSH access and no publicly exposed management ports. Edge Functions run in isolated Deno environments, limiting the blast radius of any potential vulnerability.</p>

<h2>Reporting a Security Concern</h2>

<p>If you discover a potential security issue, please contact us immediately through our <a href="/support">support page</a>. We take all reports seriously and aim to respond within 24 hours. Responsible disclosure is appreciated and will always be acknowledged.</p>

<p><strong>Your money, your data, your trust — iCashy takes all three seriously.</strong></p>

</article>