CryptoTrader.Tax enforces a password complexity standard and all credentials are hashed using a PBKDF2 function with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.
All data sent to or from CryptoTrader.Tax is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only.
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests and malicious agents from getting to our internal network.
CryptoTrader.Tax was built with disaster recovery in mind. Our infrastructure is spread across multiple availability zones and will continue to work should any one of them fail.
All payments made to CryptoTrader.Tax are processed through our payment partner, Stripe. Information about their security and PCI compliance can be found on Stripe’s security page.
Exchange integrations require an API connection or a transaction history file to be uploaded. During API imports, CryptoTrader.Tax requires read-only permissions and never has access to your funds or your private keys. During file imports, CryptoTrader.Tax only reads the relevant transaction history into memory before discarding the file. Your personal information is never saved into our database.
From within your account, you have the ability to delete all transaction data and exchange API connections. This will completely delete all trades, incoming transactions, outgoing transactions, and exchange account connections.