CoinTracker’s Commitment to Data Security and Privacy

At CoinTracker, your security and privacy are our top priority. By combining state-of-the-art security measures with industry best practices, we ensure that your data remains protected. Here are some of the measures we take to protect you:

Read-only access to your wallets and exchanges

At CoinTracker, we only request read-only permissions to your wallets and exchanges. This means:

• No private keys or seed phrases: We will never ask you for your private keys or seed phrases. Private keys should never be shared and should always be safeguarded offline either by using a hardware wallet or a trusted custodian.
• No write access: CoinTracker cannot execute transactions or withdrawals on your behalf.

Two-Factor Authentication (2FA)

To enhance the security of your account, we offer token-based Two-Factor Authentication (2FA). This additional layer of security requires a second form of verification. You can enable two-factor authentication (2FA) on your account through the settings page.

Encrypted and secure API keys

All API keys provided to CoinTracker are encrypted and securely stored. This ensures that your connection to exchanges and wallets is protected against unauthorized access.

SOC 2 Type II Compliance

We are SOC 2 Type II compliant. This certification demonstrates our commitment to the highest standards of security, availability, and confidentiality. Achieving this compliance involves rigorous auditing by independent third-party firms, ensuring our systems and processes meet stringent security requirements.

Independent security penetration testing

Security is an ongoing priority at CoinTracker. We conduct annual security audits and penetration testing, verified by third-party experts. These independent tests help identify and address potential vulnerabilities, ensuring our platform remains secure.

User control over account data

We believe in giving users full control over their data. If you ever wish to delete your account data, you can do so easily by visiting our profile deletion page. This action will:

• Delete all your wallets, exchanges, transactions, trade history, and all other linked account information.
• Be irreversible, meaning account data cannot be restored after deletion.

Dedicated incident response team

In the unlikely event of a security issue, our dedicated incident response team is ready to act promptly and efficiently. This ensures any potential threats are addressed immediately, minimizing risk to your data.

Best practices for enhanced security

While we implement extensive security measures, it’s also important for users to follow best practices:

• Never share your seed phrases or private keys: Keep these confidential, and never disclose them to anyone.
• Enable Two-Factor Authentication: You can set up token-based 2FA on your CoinTracker account through the settings page.
• Use strong, random passwords: Use a password manager like 1Password to create and store strong passwords.
• Be vigilant: Be cautious of emails or phone calls requesting account information or asking you to verify your account.

Thank you for choosing CoinTracker. If you have any questions or need assistance, please don’t hesitate to contact our support team at support@cointracker.com.