Last Updated: September 21, 2020
The security of your data is foundational to everything we do. If you have any questions or concerns, please contact us at [email protected].
Our team includes people from top technology companies such as Google, Apple, Cisco, and Microsoft.
All CoinTracker employees must pass a thorough background check as part of the hiring process.
- No Access to Private Keys
We never ask for your crypto wallets' private keys.
Coinbase integration is done through Coinbase Connect (OAuth). Our Coinbase integration requests read-only access to your Coinbase data.
All other exchanges are integrated with read-access only API keys on the exchange accounts.
All API keys are encrypted & securely stored.
- Application Security
Our website traffic runs entirely over encrypted SSL (https).
We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks.
We hash passwords stored in the database (using bcrypt with a cost factor of 12).
We support token-based two factor authentication using Google Authenticator via Settings.
CyberNinjas conducts an annual penetration test of CoinTracker and verifies any security patches for further vulnerabilities.
- Bug Bounty Program
We have an active bug bounty program that offers monetary rewards for responsible & ethical security vulnerability disclosure. See Federacy for details.
You can delete all your account data at any time for any reason. This deletes all your wallets, exchanges, transactions, trade history, and all other linked account information. This action is irreversible.
We will never sell your cryptocurrency data to third parties.