How does Divly protect my data?
Divly uses modern frameworks and tools to make sure you account data remains safe. An important things to note is that we do not require any personal data to provide you with our service.
Divly does not require any real names, social security numbers or phone numbers to offer you our services. To create an account everything that is required is an email. Note also that you are free to use an anonymous email service if you wish or even a fake email address. However, if you use a fake address passwords you are unable to restore your password should you lose it. We rely fully on automated tools to restore passwords and will never give out a password on request via our support channels.
Passwords are hashed when saved into our database ensuring that passwords cannot be read in plaintext in the unlikely event of a data leak. Transaction data is generally stored in a generic format without any connections to real transactions. The only exception to this would be the description fields where payment methods and blockchain transaction hashes are stored in some cases during import. If you wish you can remove these descriptions by editing the transactions they occur. Once editing descriptions, they are changed for good and cannot be restored.
Best practices for importing transactions with API keys
If you wish to import transactions via an exchange API, there are a few things that are good to know and things you can do to make sure you use API keys in the safest way possible.
Divly’s routines to keep your keys safe
We take your data integrity seriously and continously monitor and add new tools to ensure the safety of our platform. In addition to the general data protection precautions in Divly, there are additional actions taken to ensure the safety of your API keys when sharing them with Divly listed below:
Your keys are encrypted when stored in Divly. As such, in the unlikely event of a data leak, the raw data would be encrypted and unusable to an attacker.
Encryption keys are switched out regularly.
Once you’ve added your keys, we do not show the stored keys to you in the Divly interface. If someone gains access to your Divly account without your prior consent, it’s thus impossible for them to get access to your keys and use them in harmful ways. However, despite this, you should keep your account safe by using a strong password on your Divly account login. It is encouraged to use a password manager for password generation and general password management, such as 1Password or similar services.
Things to consider when you wish to import via an API
There are also things you need to think about when using your API keys:
Only allow read access on your API keys. Divly only needs read access to your account to import transaction history. We never ask you to add an API key on an exchange that has write access unless the exchange does not restrict you from creating a read-only key. Instead, we ask for read-only access whenever possible to ensure that we can only read your transaction data via the API and that other actions cannot be taken. Follow our wallet & exchange guides carefully for the integration you are adding an integration.
Do not enter your API keys into Divly when in a public space or on a public network that you do not trust.
If you think someone has gained access to your API keys, invalidate them at the exchange or wallet where you created them to make sure they are unusable.
If you don’t feel comfortable sharing API keys, there are always options to upload your transaction data via files instead. Either through a file integration for the particular exchange or by using Divly's custom format.