Security

Last updated · May 2026

Posture

CryptoCrowd is built on Vercel + Supabase, both SOC 2 Type II audited. Sessions use HTTP-only, Secure cookies with strict SameSite, and OAuth flows use PKCE.

Data at rest

All database connections are encrypted in transit (TLS 1.3). At rest, Supabase storage is AES-256 encrypted with managed keys. We never store plaintext passwords; Supabase Auth handles hashing (bcrypt + per-row salt).

Vulnerability disclosure

Found a security issue? Email security@cryptocrowd.app — we acknowledge within 24h and triage within 72h. Good-faith disclosure won't get you sued. We're working on a bug bounty program for Phase 4.

Compliance

GDPR + CCPA compliant. No PCI data handled — all payments (once we launch billing) will route through Stripe.

Open source

Where appropriate, we publish components and helpers on github.com/cryptocrowd so the broader ecosystem can audit and contribute.