CUTcoin's Staking Pool security disclosure

We would like to share Staking Pool security measures we've made
CUTcoin Staking Pool is an online service and its security level depends on the complex approach to different aspects of realization.
It operates on top of CUTcoin blockchain and in general, follows its principals of security and anonymity. It requires minimal extra information for authorization and has a transparent formula for the interest rate. We describe different aspects of security in more detail.
1) Transactions security
Incoming and outcoming operations (deposits and withdrawals) are processed as regular CUTcoin transactions so they inherit properties of untraceability and unlinkability from CryptoNote protocol. We use integrated addresses with payment id for deposits. This id is unique for each user; it is used to identify that funds come to the specific account.
When the user requests to withdraw the funds he specifies just the destination wallet address.
2) Server security
Staking pool is running on the dedicated Linux server in the data center with ISO 27001 certificate and administrated by CUTcoin team.
Staking wallet is running on the separate "secret" server with no other services that can be accessed from outside. It is also a dedicated Linux server. Staking wallet keys are stored on the server in the encrypted storage and can be accessed only by the trusted members of CUTcoin team.
Pool database backups contain the entire DB dump and allow to recover pool history.
3) User identification, security, and privacy
Staking pool uses 2-factor authentication (2FA) that prevents form password brute forcing.
It requires user registration with a minimal amount of personal data: login and email address. No KYC is required.
2FA is used for all critical operations: manipulations with credentials and funds withdrawal.
In case of any inquiries feel free to contact us or use contact form.