Security
How your money, data and accounts are protected on Flameix. Everything important to know.
What we do for you
TLS encryption
All traffic goes over HTTPS with TLS 1.3 — impossible to intercept
PCI-DSS payments
Payment data is not stored on Flameix servers, it is passed directly to the processor (Sber / Tinkoff / Stripe / etc)
Encrypted credentials
Account login/password are encrypted at-rest. They are decrypted only when shown to you (after payment)
Audit logging
Every credentials disclosure is written to an audit log — we know when and to whom data was shown
KYC/AML compliance
Sellers with turnover over 5000 RUB/month must pass KYC. Suspicious transactions are flagged automatically
Dispute protection
A 7-day window for a refund on a confirmed dispute. 100% refund
What you should do
- Never share your email/account passwords with anyone
- Use unique passwords for each service
- Enable 2FA where possible (but not on purchased accounts in the first 7 days)
- A suspicious Telegram account messaging on behalf of Flameix? Check — we only write from @tmagifts_support
- Do not pay outside the platform — only protected deals via Flameix
Suspicious actions
Flameix does not request card details outside checkout forms
KYC is done through a secure form at /profile/me/kyc
Check the URL — it must be only tma.gifts. Mistyped domains = phishing
A digital item does not require an .exe to activate
Only if the seller asks to show a specific error. Never give control
Spotted fraud?
If a seller asks for something suspicious or you received a phishing email — report it to us:
Bug Bounty
In developmentFound a vulnerability? Report it to security@tma.gifts or via security.txt. Monetary rewards for critical/high CVEs will launch before the public release.