Last Updated: November 7, 2017

The security of your data is foundational to everything we do. If you have any questions or concerns, please contact us at security@cointracker.io.

Organization

Our team includes people from top technology companies such as Google, Apple, Cisco, and Microsoft.

All CoinTracker employees must pass a criminal background check as part of the hiring process.

No Access to Funds

We never ask for your crypto wallets’ private keys. We do not have access to your funds and they are not at risk of theft or loss through CoinTracker.

Coinbase integration is done through Coinbase’s OAuth2 flow. Our Coinbase integration requests read-only access to your Coinbase data.

Binance, Bitfinex, Bitstamp, Bittrex, Cryptopia, GDAX, Gemini, HitBTC, Kraken, Liqui and Poloniex are integrated by creating API keys on the exchange accounts and providing them to CoinTracker. We ask that you provide only ‘View’ permissions to these API keys.

Application Security

Our website traffic runs entirely over encrypted SSL (https).

We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks.

We hash passwords stored in the database (using bcrypt with a cost factor of 12).

CoinTracker has been independently security reviewed by third party security engineers.

Privacy

You can delete your linked account data at any time for any reason.

We will never sell your crypto data to third parties.