Security at EnergyTRX

Strong protection where it matters, plain language about what we do — and don't — touch.

How Your Payment Works

EnergyTRX is a service: you pay, we deliver energy. We've designed the payment route so you stay in control of your own wallet end-to-end.

You initiate every transfer from your own wallet. We never reach into your wallet, never request signing permissions, never ask for your seed phrase. Once your payment is confirmed on the TRON blockchain, our infrastructure delivers energy to the address you specified.

Your wallet

TronLink / Ledger / Trust Wallet / etc.

Secure payment route

Operated by EnergyTRX

Energy delivered

Directly to the address you choose

What We Protect

Your account credentials

Your email and a hashed copy of your password — we never store passwords in plain text.

Your transaction history

Every deposit, order, and energy delivery, kept securely so you can reference your activity at any time. Stored under AES-256 encryption.

Our payment infrastructure

All sensitive operational data is encrypted at rest, with the encryption key stored separately from the database itself.

What We Don't Touch

EnergyTRX has no access to:

×The private keys of your personal cryptocurrency wallet
×Your wallet's seed phrase or recovery data
×Authority to sign transactions on your behalf
×Personal identification documents (we don't request KYC)

Your TronLink, Trust Wallet, Ledger, MetaMask + Tron Snap, or any other wallet you use remains 100% under your control. We have no API, plugin, or browser extension that asks for signing permissions. You initiate every transfer; we only ever receive.

Encryption & Data Protection

Every sensitive piece of data we hold — account credentials, transaction history, and operational data for the payment route — is encrypted with AES-256-GCM, the industry-standard authenticated encryption.

The master encryption key is supplied at boot from environment variables and is not stored in the database. A leaked database snapshot alone gives an attacker nothing usable.

GCM provides authenticated encryption, meaning any tampering with stored ciphertext is detected at decrypt time rather than silently accepted. Each ciphertext carries its own random IV.

Quick Buy: Zero-Custody Path

Quick Buy is a no-signup option. You send TRX directly from your own wallet to a payment address we publish; energy is delivered automatically back to the sending address. EnergyTRX never sees your wallet, never sees your key, and never holds custody of any funds in this flow — we only publish the payment instructions, and your wallet does the rest.

No KYC, No Personal Documents

EnergyTRX does not require KYC verification. We don't ask for:

×Government-issued ID
×Proof of address
×Selfies or photos
×Personal documents

Only an email address is needed to create an account. Privacy is fundamental to our service design.

Responsible Disclosure

Found a vulnerability? Email [email protected] with the subject line "Security disclosure". We acknowledge within 24 hours and work with researchers in good faith. Please don't publicly disclose until we've had a reasonable window to ship a fix.

In Summary

✓We operate the payment infrastructure — you operate your personal wallet. They never overlap.
✓Every sensitive piece of data is AES-256-GCM encrypted; the master key lives outside the database.
✓All transactions are visible on the public TRON blockchain. You can verify any deposit, energy delivery, or transfer in real-time using any blockchain explorer (Tronscan, TronGrid, etc.).
✓Quick Buy is zero-custody — wallet → payment route → energy back to wallet.
✓Your seed phrase, your personal wallet, and your signing authority are always 100% yours.

For questions, write to [email protected].