How we protect your funds, your data and your account — and how you can help keep them safe.
Security is foundational to everything we build at Cointup. We apply a defence-in-depth strategy that combines secure engineering practices, layered infrastructure controls and continuous monitoring to protect customer assets and data.
The majority of customer assets are held in cold storage, isolated from internet-facing systems. Hot wallets used for day-to-day operations are kept to the minimum required and are protected with multi-signature controls and withdrawal limits.
Sensitive data is encrypted in transit using modern TLS and at rest using industry-standard algorithms. Access to production data is restricted on a least-privilege basis and logged for audit.
We provide a range of tools to help you secure your account, including two-factor authentication (2FA), anti-phishing codes, device and session management, and withdrawal address allow-listing. We strongly encourage every customer to enable these protections.
Our systems are monitored around the clock for suspicious activity and operational anomalies. We maintain incident-response procedures, backups and redundancy designed to keep the platform available and to recover quickly from disruption.
We engage independent security firms to perform penetration testing and reviews, and we work to align our controls with recognised security standards. Findings are tracked to remediation as part of our ongoing security programme.
We welcome reports from security researchers. If you believe you have found a vulnerability, please report it privately to security@cointup.com and allow us a reasonable time to investigate and remediate before any public disclosure. Please do not access or modify data that is not your own.
For security questions, contact our team via the contact page or email security@cointup.com.