Security

Last Updated: February 25, 2022

The security of your data is foundational to everything we do. If you have any questions or concerns, please contact us at [email protected].

Organization

Our team includes people from top technology companies such as Airbnb, Amazon, Apple, Coinbase, Google, Kraken, Meta, Shopify, Square, and Microsoft.

All CoinTracker employees must pass a thorough background check as part of the hiring process.

No Access to Private Keys

We never ask for your crypto wallets' private keys.

Coinbase integration is done through Coinbase Connect (OAuth). Our Coinbase integration requests read-only access to your Coinbase data.

All other exchanges are integrated with read-access only API keys on the exchange accounts.

All API keys are encrypted & securely stored.

Application Security

Our website traffic runs entirely over encrypted SSL (https).

We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks.

We hash passwords stored in the database (using bcrypt with a cost factor of 12).

We support token-based two factor authentication via Settings.

A third party security firm conducts an annual penetration test of CoinTracker and verifies security patches for further vulnerabilities.

We are certified SOC 2 compliant.

Privacy

You can delete all your account data at any time for any reason. This deletes all your wallets, exchanges, transactions, trade history, and all other linked account information. This action is irreversible.

We will never sell your cryptocurrency data to third parties.