An Important Message About Digital Gold Security
Jar and our users are not impacted by the recent security incident affecting another digital platform. But we know many of you have questions about digital gold security right now, and rightfully so. We're sharing our security practices – ones we've invested heavily in since day one – in the greater interest of the industry to protect every digital gold investor in India.
We want to speak directly to you – not just as a platform, but as people who understand what trust really means.
We’ve built Jar with one unwavering promise: your gold is your gold, and its safety is non-negotiable.
Every Action Secured, Every Time
Your journey with Jar begins with OTP verification, but it doesn't stop there. Whether you're buying, selling, or requesting delivery, we run multiple checks to ensure transactional safety. Our security framework includes device binding that restricts access to a single device at any time, advanced OTP verification that is verified programmatically, directly on your device, via an encrypted SMS pipeline, continuous device ID validation at all critical exit points, and token-based API authentication for all data communications. Only you should be able to access your gold. It's your personal vault, and we protect it like one.
Device-Bound Payment Security
UPI Autopay adds another layer of security. It works only on your device and requires your UPI PIN – that's two-factor authentication working for you. Even if someone got your information, they couldn't do anything with it because our system employs device binding that prevents payment mandates from being moved to different phones. Only your device can carry out transactions. It's not just secure; it's personal.
Multiple Layers of Digital Protection
All your data is protected by end-to-end TLS encryption. Our servers operate in complete isolation from each other, continuously monitored and protected by Intrusion Detection and Prevention Systems. Even if one server were compromised, your data would remain encrypted and secure. We implement SSL pinning in our mobile applications to prevent Man-in-the-Middle attacks, and our network operates on a strict "deny-all" default policy where only explicitly permitted traffic essential for application functionality is allowed.
Our operating systems are FIPS-compliant and hardened at the Amazon Machine Image level. User sessions are managed exclusively server-side, with every request validated against active sessions to prevent unauthorized access. All cloud environment access requires VPN connections fortified by Trusted Platform Module chips for device binding.
Advanced Fraud Prevention
We employ sophisticated fraud detection using multi-faceted client signatures that analyze behavioral and device attributes in real time. Our systems continuously watch for suspicious activities such as rapid geo-location changes or unauthorized device switches, triggering immediate alerts and preventive measures. For UPI transactions, we implement rigorous Virtual Payment Address validation to ensure authenticity and prevent misdirected funds.
We also use transaction locking mechanisms with rate limiting to prevent automated attacks, behavioral anomaly detection for real-time transaction pattern analysis, and dynamic challenges like CAPTCHAs at critical points to differentiate between legitimate users and bots.
Your Gold Rests in the Safest Hands
Behind every rupee you invest is real, 24K pure gold stored safely in Brink's India vaults—a global leader in secure logistics. Your gold is individually allocated and comprehensively accounted for within Brink's insured vaulting network. This isn't a promise or a claim—it's real gold, fully insured by ICICI Lombard (one of India's leading insurers), and it's always yours. Our insurance coverage provides 100% protection against physical loss, theft, and unforeseen contingencies.
Independent Third-Party Oversight
Vistra Corporate Services India Private Limited serves as an independent administrator, diligently monitoring and safeguarding your interests. They ensure your gold investments remain completely separate from our company's assets. This isn't just policy—it's institutional-grade protection that many other platforms simply don't provide.
Complete Transparency, Always
From live gold prices updated every minute to your complete investment history, everything is at your fingertips. No delays, no black boxes. You can convert to cash or request physical delivery whenever you want—no restrictions, no red tape.
Secure Development Standards
We conduct rigorous auditing across our entire software development supply chain, including package dependencies and third-party libraries. Static and Dynamic Application Security Testing are integrated across our codebase for all releases, enabling early identification and remediation of vulnerabilities. Our backup policies ensure near-zero data loss recovery, with continuous snapshot backups providing protection against ransomware and data corruption.
Moving Forward Together
Incidents like the recent one are sobering reminders that digital gold security isn't just about technology—it's about trust.
We don't just protect your gold; we protect your confidence, your peace of mind, your future. We've invested in the strongest systems and the most transparent practices because we believe you deserve nothing less.
Building trust in digital gold isn't just our responsibility—it's everyone's in this industry. When one platform faces security issues, it affects confidence in all of us. That's why we're sharing how we do things, hoping others will adopt similar practices.
Questions about your account security?
Our support team is available 24/7 at wecare@changejar.in


