Trust and Safety at CoinZoom
We operate a “defense-in-depth" model for the security of our customers assets. We focus on security and compliance to build trust within the CoinZoom ecosystem.
We have been awarded the SOC2 certification, highly regarded as the most rigorous test for the trustworthiness of a company’s best practices around securing customer data.
Layered security for access
All access to our platform requires multi-factor authentication (MFA) and user action is always tied back to an individual. To provide an enhanced security model, all user access and commands to the servers containing customer data are logged and monitored by CoinZoom’s security team.
Two-Factor Authentication (2FA) is required by default, to access your account and make any withdrawals.
Address “allow-listing" allows users to restrict cryptocurrency withdrawals to allow-listed cryptocurrency addresses.
Third-Party crypto custody with multi-signature hot, warm, and cold wallets.
We are proud to be transparent with our Trust and Security program. We have embarked on using third parties and regulators to verify our platform’s security posture.
In 2022 CoinZoom is pursuing System and Organizations Control (SOC) 2 Type 2 compliance. SOC2 offers the best way to demonstrate industry's best information technology controls.
The SOC2 report assures user entities that:
We have the required security controls in place to protect customer data and assets against known and emerging threats.
We have set up monitoring and alerts to detect anomalies and issues across the entire CoinZoom platform.
We can quickly repair damage and restore normalcy if a rare data breach or system failure occurs.
The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks. CoinZoom’s platform goes through a yearly CIS Controls Audit to ensure compliance with the framework.
Third-Party Penetration Testing
CoinZoom undergoes penetration testing by a third-party company to examine our security systems to discover any unknown flaws or defects that may be exploited by malevolent attackers to steal cryptocurrency or destroy customer data.
CoinZoom undergoes third-party penetration testing twice a year to ensure the current security system has controls in place to prevent exploits.
Bug Bounty Program
We welcome and value contributions from security researchers to help us build and secure the CoinZoom platform.
If you believe you have discovered a vulnerability, please submit a security report. Our security team will investigate all valid reports and do our best to respond in a timely manner.
PCI-DSS Level 4
We are compliant with The Payment Card Industry (PCI) framework, presided over by The Security Standards Council (SSC) for all companies that process, store, or transmit credit card data. CoinZoom performs a self-assessment yearly.
All employees are required to agree and sign an NDA/Confidentiality agreement.
All employees who have access to customers’ Personal Identifying Information PII go through a rigorous background check.
Training and Awareness
All employees go through Security Training and Awareness upon hiring and bi-annually. This is to raise awareness of both emerging threats and established risks and to create a collective culture for keeping our customers, their data, and their funds safe.