Witdrim
OverviewServicesIdentity
OverviewCitizenshipFAQ
OverviewExploreBuilders
Our VisionValuesFAQ
Contact UsSupportPartnerships

Witdrim Legal

Security

How Witdrim protects ecosystem accounts, sessions, rewards, admin access, and connected service flows.

Last updated: May 8, 2026Applies to Witdrim ecosystem layer

1. Security Program

Witdrim uses technical and organizational safeguards designed for an account and rewards ecosystem: secure cookies, passkeys, MFA options, rate limits, bot checks, JWT validation, webhook verification, audit logs, and least-privilege operations.

2. Account Security

  • Password hashing and password strength checks.
  • Email verification and short-lived OTP or reset flows.
  • Passkeys and step-up verification for sensitive account actions.
  • Refresh-token rotation and reuse detection.
  • Session revocation on logout, password reset, and password change.
  • Secure, HTTP-only, SameSite cookies in production.

3. API And Ecosystem Security

  • JWT issuer, audience, algorithm, and key validation through JWKS where configured.
  • Webhook signing, shared secrets, replay protection, and idempotency for connected services.
  • Rate limits for auth, support, reports, public endpoints, admin routes, and sensitive actions.
  • Admin actions and sensitive operational events are audited.

4. Limits

No online service can guarantee perfect security. Users should keep devices updated, use strong unique passwords, register passkeys where available, and report suspicious activity quickly.

5. Report A Vulnerability

Report security concerns to security@witdrim.com. Please include steps to reproduce, affected URLs, and impact. Do not access, modify, exfiltrate, or destroy data that does not belong to you.

Related documents

PrivacyHow Witdrim processes account, authentication, rewards, support, security, and ecosystem service data.SubprocessorsThe provider categories Witdrim uses to operate account, security, rewards, support, and ecosystem services.Data RightsHow to request access, correction, deletion, export, restriction, objection, opt-out, or appeal.