Customer trust and data security are critical to everything we do at Koinly. If you have any questions or concerns, please contact us at [email protected]
1. Product security
Passwords Koinly allows authenticating via Google / Coinbase in which case no password is ever stored on Koinly. Users may also sign up via email in which case passwords are stored using a PBKDF function (bcrypt).
API Keys & Blockchain Keys All API/blockchain keys are encrypted using with aes-256-gcm before being stored in our database. Additionally, Koinly does not require any private keys or access to the funds on your exchanges. We always recommend disabling any withdrawal/trading privileges when connecting API keys.
Uptime We have uptime of 99.9% or higher. Any planned downtime is announced in advance on our discussion forums and on our twitter handle @Koinly.
2. Application security
Data Hosting and Storage Koinly services and data are hosted on Heroku. Heroku is a cloud application platform designed to protect customers from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and by rapidly deploying security updates without customer interaction or service interruption.
Data Access Access to customer data is limited to authorized employees who require it for their job.
Encryption Koinly is served 100% over https. All data sent to or from Koinly is encrypted in transit using 256 bit encryption.
Pentests and Vulnerability Scanning Koinly uses third party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised.
3. Additional Security features
Training All employees complete Security and Awareness training annually.
Policies Koinly has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Employee Vetting Koinly performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.
Confidentiality All employee contracts include a confidentiality agreement.
PCI Obligations All payments made to Koinly go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.