We, at ACCOINTING.com, take security and safety very seriously. For this reason, we have implemented a continuous process to verify them:
- Our security measures go far beyond securing client/server or inter-service communication with SSL. As a principle, our system is designed to prevent security vulnerabilities by design.
- Part of this is that we use certified services wherever possible to reduce the complexity of the system. Identity management and authentication are therefore carried out using the OAuth standard, for example.
- User data is encrypted using user-specific keys generated by the AWS Key Management Service (KMS), which are also rotated according to industry standards.
- The system is continuously checked against, among other things, all points of the OWASP Top 10. As far as possible, data minimization and partitioning of the data are applied.
- The purchase information, for example, is only available in Shopify and is at no time linked to the user's crypto portfolio. Passwords are never received, thanks to the integration with Auth0. Users can also use the widely used two-factor authentication.
- For API keys, we explicitly ask for read-only access and also encrypt this data on a user-specific basis. Users can delete their whole account, including all collected data, at any point.
- Out of respect for data sovereignty, users can export their data from the system at any time without restriction.
- For our data center, we have made a conscious decision to operate on (dedicated) cloud machines and benefit from the experience of AWS as the operator.
- The company headquarters is located in Switzerland, so our customers' data is correspondingly secure against legal queries.
- Since Germany is one of our target countries, we also implement all GDPR requirements in full and have data processing agreements with all service providers.
- Accointing does not sell your data and never will.