Security

Last Updated: August 16, 2018

The security of your data is foundational to everything we do. If you have any questions or concerns, please contact us at security@cointracker.io.

Organization

Our team includes people from top technology companies such as Google, Apple, Cisco, and Microsoft.

All CoinTracker employees must pass a criminal background check as part of the hiring process.

No Access to Private Keys

We never ask for your crypto wallets' private keys.

Coinbase integration is done through Coinbase’s OAuth2 flow. Our Coinbase integration requests read-only access to your Coinbase data.

All other exchanges are integrated by creating API keys on the exchange accounts and providing them to CoinTracker. We ask that you provide only ‘View’ permissions to these API keys whenever possible.

Application Security

Our website traffic runs entirely over encrypted SSL (https).

We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks.

We hash passwords stored in the database (using bcrypt with a cost factor of 12).

CoinTracker has been independently security-reviewed by third party security engineers. Hunter2 has also reviewed CoinTracker for vulnerabilities and provides ongoing security training to our engineering team to stay up-to-date on best practices in security.

Bug Bounty Program

We offer rewards for responsible & ethical security vulnerability disclosure. See Federacy for details.

Privacy

You can delete all your account data at any time for any reason. This deletes all your wallets, exchanges, transactions, trade history, and all other linked account information. This action is irreversible.

We will never sell your crypto data to third parties.