Security - CoinJar

CoinJar Security

We are committed to undertaking the best security measures to protect your cryptocurrency and personal information.

We employ multiple strategies to protect our customer’s assets and information, including data encryption, Transport Layer Security, periodic security audits and best practice organisation security. We also utilise advanced machine learning techniques to recognise suspicious logins, account takeovers and financial fraud.

CoinJar was founded in 2013. We’re backed by some of the world's top investors, and are also registered with the Australian Transaction Reports and Analysis Centre.

At least 90% of our customers’ digital currencies are stored offline in geographically-redundant, secure locations. Wherever practicable, we use multi-sig technology to protect digital assets that must be stored online. We maintain full reserves at all times, with sufficient assets to cover customer balances with matched durations and currencies.

Learn more about Security

  • Privacy
    Your personal and financial information is only stored and processed in cloud services that meet our strict infrastructure security requirements. It’s only collected and shared in accordance to our Privacy Policy.
  • Infrastructure
    Our infrastructure is hosted on Amazon Web Services, which offers a secure environment for CoinJar services with capabilities of access control, data encryption, monitoring and isolation.

    Our internal networks are protected by firewalls and not exposed to the internet, and all internal traffic is also encrypted to the same standard as external services. Our firewall policies are designed to allow minimum permissions for different applications and roles to interact.

    All application and database servers are running inside private networks, with isolation between staging and production environments. Public-facing services are made available by dedicated load balancers that only handle HTTP requests.
  • Organisation Security
    All CoinJar employees are required to use cryptographically-secure Multi-Factor Authentication such as hardware U2F keys to access internal services. Engineers do not have access to application credentials or production servers. All deployments are performed independently by a deployment server.

    As part of our hiring process, candidates must pass criminal background checks before becoming a CoinJar employee.
  • Communication
    We keep our members updated in real-time using our Status page , which has the current status of our services, details of any current incident, and information about upcoming scheduled maintenance.
  • Bug Bounty
    We work with an active community of security researchers through our Bug Bounty Program to continually improve the security of CoinJar and our members’ funds.

Protect your CoinJar Account

Got a question about security? We’re here to help and answer any questions you have. Contact us.

Add digital currency to your portfolio

Getting started with CoinJar is simple and only takes a few minutes.