Security FAQs

Our 2 most frequently asked questions in regarding security. Here is all you need to know about how we handle your information and some information about giving away information via XPUBs.

How do I know is safe?

We, at, take security and safety very seriously. For this reason, we have implemented a continuous process to check these: 

  • Our security measures go far beyond securing client/server or inter-service communication with SSL. As a principle, our system is designed to prevent security vulnerabilities already by the design.
  • Part of this is that we use certified services wherever possible to reduce the complexity of the system. Identity management and authentication are therefore carried out using the OAuth standard, for example. 
  • User data is encrypted using user-specific keys generated by the AWS Key Management System (KMS), which are also rotated accordingly to industry standards.
  • The system is ongoingly checked (among other things) for all points of the OWASP Top-10. As far as possible, data minimization and partitioning of the data is applied. 
  • The purchase information, for example, is only available in Paddle and at no time in connection with the user’s crypto-portfolio. Passwords are never received thanks to the integration with Auth0.
  • For API keys we explicitly ask for read-only access and encrypt this data also user-specific. The users can delete the whole account including all collected data at any point. 
  • Out of respect for data sovereignty, users can export their data from the system at any time without restriction.
  • As a data center, we have made a conscious decision to operate on (dedicated) cloud machines and benefit from the experience of AWS as operator. 
  • The company headquarters is located in Switzerland, so our customers’ data is correspondingly secure against legal queries. 
  • Since Germany is one of our target countries, we also implement all GDPR requirements in full and have data processing agreements with all service providers.
  • does not sell your data nor will ever sell your data. 

Is a scam to steal my addresses?

No. We will ALWAYS require for read only access, specifically for API imports. For some wallets, we might require XPUBs due to the fact that it is the only way to track Bitcoin. Here is some more information about XPUBS:

Andreas Antonopolous in the What Bitcoin Did Podcast with Peter McCormack

Related posts

3d hammer Security FAQs (German Version)
Die zwei am häufigsten gestellten Fragen in zum Thema Sicherheit. Hier findest du alles,... Data FAQs
Here are some of the most frequently asked questions in regarding how do we...
3d hammer Data FAQs (German Version)
Im Folgenden findest du die am häufigsten gestellten Fragen zur Datensicherheit von, wie oft...