How Ippo Crypto
Protects Your Assets
Understanding our security architecture
At Ippo Crypto, security is not just a feature — it's the foundation of our design. As a non-custodial wallet, we have built every layer of the application to ensure that you are always in control of your digital assets.
Non-Custodial Architecture
Your private keys are generated directly on your device and never leave it. Ippo Crypto's servers have zero access to your keys, recovery phrase, or wallet funds. Even if our servers were compromised, your assets remain safe because we simply do not have them.
Device-Side Encryption
All sensitive data — including private keys, PINs, and wallet metadata — is encrypted using AES-256 encryption and stored in your device's secure storage (Keychain on iOS, EncryptedSharedPreferences on Android). This data is inaccessible even if the device is connected to a computer.
HTTPS Secured API
Every request between the Ippo Crypto app and our backend API travels over TLS/SSL-encrypted HTTPS connections. We enforce secure headers, API key authentication, and encrypted payloads. No data is ever transmitted in plain text.
Device-Side Wallet Control
All wallet operations — key generation, transaction signing, balance checking — happen locally on your device. The app connects to blockchain networks only to broadcast signed transactions and query public on-chain data. Your device is the only authority.
How It Works in Practice
Wallet Creation
When you create a wallet, Ippo Crypto generates a cryptographically random 12 or 24-word recovery phrase using industry-standard BIP-39 derivation. This phrase is displayed once for you to write down and is then encrypted and stored locally. It is never sent to any server.
Sending a Transaction
When you send crypto, the transaction is signed locally on your device using your private key. Only the signed transaction (which does not contain your private key) is broadcast to the blockchain network. Your private key remains on your device at all times.
PIN & Biometric Protection
Access to the wallet is protected by a user-defined PIN and optional biometric authentication (fingerprint or face recognition). The PIN is hashed and verified locally — it is never transmitted over the network.
Session Management
Ippo Crypto automatically locks the wallet after a period of inactivity. Every time the app is reopened or comes to the foreground after a timeout, re-authentication via PIN or biometrics is required.
Our Security Commitments
- No remote key access: We cannot access, recover, or reset your private keys
- No tracking: We do not track your wallet activity or link it to your identity
- No data selling: We never sell user data to third parties
- Transparent architecture: Our non-custodial design means your security does not depend on our infrastructure
- Regular updates: We continuously improve our security practices and cryptographic implementations
Your responsibility: Because Ippo Crypto is non-custodial, you are the sole guardian of your recovery phrase. Store it securely offline. If it is lost, no one — including Ippo Crypto — can recover your funds.
Questions?
If you have security-related questions or want to report a vulnerability, please contact us at:
Email: ippocryptowallet@gmail.com
Phone: +91 6380193908
Contact: Mohammed Sadik