CoinSwitch provides users with a simple and secure way to invest in crypto. The simplicity of the CoinSwitch app is something our users experience every day—at every trade. But how do we secure our platform, your data, and your assets?
Very diligently, is the short answer. From user-specific PIN and 2FA (Two-Factor Authentication) to control access to the app, to SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encryption protocols to protect user data and transactions, to multi-party computation (MPC) for the custodial wallets that secure users’ crypto, we apply extensive checks and guardrails to ensure users’ investment is as secure as it is seamless on CoinSwitch. This article lists some of the major security features and protocols we have implemented toward that cause.
How is the CoinSwitch app secured?
CoinSwitch has established a well-defined authentication mechanism for the app to prevent any unauthorized access. This includes user-specific PIN or biometric authentication and two-factor authentication through SMS-based OTP. As a practice, we ask for user credentials before showing any sensitive data, and we do not store any sensitive data locally on users’ phones.
We also regularly update the CoinSwitch app as and when we identify any security gaps. Users are thus strongly advised to regularly update the app from the respective app store (Play Store for Android and App Store for Apple).
How is my data secured?
The CoinSwitch app is secured using SSL/TLS to ensure users’ data remain protected and uncompromised. SSL or Secure Sockets Layer is a security technology that encrypts communication between a server (the CoinSwitch server) and a client (the CoinSwitch app on your phone).
Specifically, we use a cryptographic protocol called TLS or Transport Layer Security to encrypt all data shared between the application and server. The TLS protocol prevents third parties from eavesdropping or tampering with data, and thus ensures the integrity of the communication between the CoinSwitch app and our server.
Further, CoinSwitch has defined app permissions in such a manner that other apps installed on users’ devices do not get access to the data. This is over and above the operating system-level sandboxing restrictions that isolate apps and protect them from malicious third-party apps. You may read more about Android’s Application Sandboxing here and Apple’s App Sandboxing here.
How is the server data secured?
CoinSwitch uses the industry-leading cloud services of Amazon Web Services (AWS) to securely store all data in cloud servers. AWS encrypts data stored on its servers and during transit between servers. CoinSwitch has defined proper access controls for user data on the AWS database to prevent any unauthorized access or malpractice.
How is my crypto secured?
CoinSwitch stores users’ crypto in custodial wallets of global repute provided by industry-leading institutions. CoinSwitch holds access to these wallets. Further, these wallets require multi-party computation, which is to say no single individual, even at CoinSwitch, can execute a transaction; all transactions require a maker-checker mechanism.
To ensure transparency of our custody, we have also made public our wallet addresses and conducted an independent review of our Proof of Reserves—an exercise we will conduct regularly. You can go through our POR and wallet addresses here.
When can I contact you for help?