Security

Last Updated: December 6, 2018

The security of your data is foundational to everything we do. If you have any questions or concerns, please contact us at security@cointracker.io.

Organization

Our team includes people from top technology companies such as Google, Apple, Cisco, and Microsoft.

All CoinTracker employees must pass a thorough background check as part of the hiring process.

No Access to Private Keys

We never ask for your crypto wallets' private keys.

Coinbase integration is done through Coinbase’s OAuth2 flow. Our Coinbase integration requests read-only access to your Coinbase data.

All other exchanges are integrated with read-access only API keys on the exchange accounts.

All API keys are encrypted & securely stored.

Application Security

Our website traffic runs entirely over encrypted SSL (https).

We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks.

We hash passwords stored in the database (using bcrypt with a cost factor of 12).

Hunter2 conducts an annual penetration test of CoinTracker and verifies any security patches for further vulnerabilities.

Bug Bounty Program

We have an active bug bounty program that offers monetary rewards for responsible & ethical security vulnerability disclosure. See Federacy for details.

Privacy

You can delete all your account data at any time for any reason. This deletes all your wallets, exchanges, transactions, trade history, and all other linked account information. This action is irreversible.

We will never sell your crypto data to third parties.