Security

How Ippo Crypto Protects Your Assets

Understanding our security architecture

At Ippo Crypto, security is not just a feature — it's the foundation of our design. As a non-custodial wallet, every layer is built to ensure that you are always in control.

Non-Custodial Architecture

Your private keys are generated directly on your device and never leave it. Even if our servers were compromised, your assets remain safe because we simply do not have them.

Device-Side Encryption

All sensitive data is encrypted using AES-256 encryption and stored in your device's secure storage (Keychain on iOS, EncryptedSharedPreferences on Android).

HTTPS Secured API

Every request between the app and our backend travels over TLS/SSL-encrypted HTTPS connections. We enforce secure headers and API key authentication.

Device-Side Wallet Control

All wallet operations — key generation, transaction signing, balance checking — happen locally on your device. Your device is the only authority.

How It Works in Practice

Wallet Creation

When you create a wallet, Ippo Crypto generates a cryptographically random 12 or 24-word recovery phrase using BIP-39 derivation. This phrase is displayed once for you to write down, then encrypted and stored locally. It is never sent to any server.

Sending a Transaction

Transactions are signed locally using your private key. Only the signed transaction (which does not contain your private key) is broadcast to the blockchain network.

PIN & Biometric Protection

Access is protected by a user-defined PIN and optional biometric authentication. The PIN is hashed and verified locally — never transmitted over the network.

Session Management

The wallet automatically locks after inactivity. Re-authentication via PIN or biometrics is required when reopened.

Our Security Commitments

  • No remote key access: We cannot access, recover, or reset your private keys
  • No tracking: We do not track your wallet activity or link it to your identity
  • No data selling: We never sell user data to third parties
  • Transparent architecture: Your security does not depend on our infrastructure
  • Regular updates: We continuously improve our security practices

Your responsibility: Because Ippo Crypto is non-custodial, you are the sole guardian of your recovery phrase. Store it securely offline. If it is lost, no one — including Ippo Crypto — can recover your funds.

Questions?

Email: ippocryptowallet@gmail.com

Phone: +91 6380193908

Contact: Mohammed Sadik