Trust and Safety at CoinZoom

We operate a “defense-in-depth” model for the security of our customers' assets. We focus on security and compliance to build trust within the CoinZoom ecosystem.


Layered security for access

All access to our platform requires multi-factor authentication (MFA), and every user action is tied back to an individual. To provide an enhanced security model, all user access and commands to the servers containing customer data are logged and monitored by CoinZoom’s security team.


  • Two-Factor Authentication (2FA) is required by default to access your account and make any withdrawals.

  • Address “allow-listing” lets users restrict cryptocurrency withdrawals to allow-listed cryptocurrency addresses.

  • Third-Party crypto custody with multi-signature hot, warm, and cold wallets. 

Security Compliance

We are proud to be transparent about our Trust and Security program. We have begun using third parties and regulators to verify our platform’s security posture.

SOC 2

In 2022 CoinZoom is pursuing System and Organization Controls (SOC) 2 Type 2 compliance. SOC 2 offers the best way to demonstrate industry-best information technology controls.

The SOC 2 report assures user entities that:

  • We have the required security controls in place to protect customer data and assets against known and emerging threats.

  • We have set up monitoring and alerts to detect anomalies and issues across the entire CoinZoom platform.

  • We can quickly repair damage and restore normalcy if a rare data breach or system failure occurs. 

CIS Controls 

The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks. CoinZoom’s platform goes through a yearly CIS Controls Audit to ensure compliance with the framework. 

Third-Party Penetration Testing 

CoinZoom undergoes penetration testing by a third-party company, which examines our security systems to discover any unknown flaws or defects that may be exploited by malevolent attackers to steal cryptocurrency or destroy customer data.

CoinZoom undergoes third-party penetration testing twice a year to ensure the current security system has controls in place to prevent exploits. 


Bug Bounty Program

We welcome and value contributions from security researchers to help us build and secure the CoinZoom platform.  

If you believe you have discovered a vulnerability, please submit a security report. Our security team will investigate all valid reports and do our best to respond in a timely manner. 


Self-Assessments

PCI-DSS Level 4 

We are compliant with the Payment Card Industry (PCI) framework, presided over by the Security Standards Council (SSC), for all companies that process, store, or transmit credit card data. CoinZoom performs a self-assessment yearly.

NDA/Confidentiality Agreements 

All employees are required to agree to and sign an NDA/Confidentiality agreement.

Background Checks 

All employees who have access to customers’ Personal Identifying Information (PII) go through a rigorous background check.

Training and Awareness 

All employees go through Security Training and Awareness upon hiring and bi-annually. This is to raise awareness of both emerging threats and established risks and to create a collective culture for keeping our customers, their data, and their funds safe.