šŸ“¢ We're launching a brand new crypto tax appā€”DeFi & NFTs included. Join the waitlist for early access šŸ”„


Last updated January 31, 2021

Password &Ā Credential Storage

CryptoTrader.Tax enforces a password complexity standard and all credentials are hashed using a PBKDF2 function with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.

Traffic Encryption

All data sent to or from CryptoTrader.Tax is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests and malicious agents from getting to our internal network.

Failover and Data Recovery

CryptoTrader.Tax was built with disaster recovery in mind. Our infrastructure is spread across multiple availability zones and will continue to work should any one of them fail.

PCI Obligations

All payments made to CryptoTrader.Tax are processed through our payment partner, Stripe. Information about their security and PCI compliance can be found on Stripeā€™s security page.

Transaction Data

Exchange integrations require an APIĀ connection or a transaction history file to be uploaded. During APIĀ imports, CryptoTrader.Tax requires read-only permissions and never has access to your funds or your private keys. During file imports, CryptoTrader.Tax only reads the relevant transaction history into memory before discarding the file. Your personal information is never saved into our database.

Data Control

From within your account, you have the ability to delete all transaction data and exchange API connections. This will completely delete all trades, incoming transactions, outgoing transactions, and exchange account connections.