Security

Password & Credential Storage

CoinLedger enforces a password complexity standard, and all credentials are hashed using PBKDF2 with HMAC-SHA256, a 128-bit salt, a 256-bit subkey, and 10000 iterations.
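
The scheme described above, sketched with Python's standard library as an added example; this is not CoinLedger's code. The function names and the `prf$iterations$salt$subkey` record layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

# Parameters as stated on the page.
PRF = "sha256"       # PBKDF2 with HMAC-SHA256
SALT_BYTES = 16      # 128-bit salt
SUBKEY_BYTES = 32    # 256-bit subkey
ITERATIONS = 10000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a subkey and return a self-describing record (assumed layout)."""
    # A fresh random salt per credential; the parameter exists only for tests.
    salt = secrets.token_bytes(SALT_BYTES) if salt is None else salt
    subkey = hashlib.pbkdf2_hmac(
        PRF, password.encode("utf-8"), salt, ITERATIONS, dklen=SUBKEY_BYTES
    )
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return "$".join([PRF, str(ITERATIONS), enc(salt), enc(subkey)])


def verify_password(password: str, record: str) -> bool:
    """Recompute the subkey from the stored parameters and compare."""
    try:
        prf, iters, salt_b64, subkey_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(subkey_b64, validate=True)
    except ValueError:  # wrong field count, bad integer, or bad base64
        return False
    # Reject records whose parameters differ from the expected scheme.
    if (prf != PRF or iterations < 1
            or len(salt) != SALT_BYTES or len(expected) != SUBKEY_BYTES):
        return False
    candidate = hashlib.pbkdf2_hmac(
        prf, password.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)
```

Storing the PRF name and iteration count beside each salt lets a verifier recompute the subkey from the record alone.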

Traffic Encryption

All data sent to or from CoinLedger is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests and malicious agents from getting to our internal network.

Failover and Data Recovery

CoinLedger was built with disaster recovery in mind. Our infrastructure is spread across multiple availability zones and will continue to work should any one of them fail.

PCI Obligations

All payments made to CoinLedger are processed through our payment partner, Stripe. Information about their security and PCI compliance can be found on Stripe’s security page.

Transaction Data

Exchange integrations require an API connection or a transaction history file to be uploaded. During API imports, CoinLedger requires read-only permissions and never has access to your funds or your private keys. During file imports, CoinLedger only reads the relevant transaction history into memory before discarding the file. Your personal information is never saved into our database.

Data Control

From within your account, you have the ability to delete all transaction data and exchange API connections. This will completely delete all trades, incoming transactions, outgoing transactions, and exchange account connections.