Read-only access only
Coinfig asks for read-only exchange API keys. We can see your transaction history to build your report — we can never trade, withdraw or move your funds.
Your crypto history is sensitive. Coinfig is built so that connecting your accounts is safe by design — read-only, encrypted, and POPIA-aligned.
Coinfig asks for read-only exchange API keys. We can see your transaction history to build your report — we can never trade, withdraw or move your funds.
API keys and other secrets are encrypted with AES-256-GCM, using keys derived via PBKDF2-SHA512. Credentials are never stored in plain text.
Sign-in is handled by a dedicated authentication provider with support for single sign-on, so your access is protected by industry-standard controls.
We do not sell your personal information. Access and consent events are logged for accountability, in line with South Africa’s POPIA.
Requests are rate-limited, traffic is served over HTTPS behind a global CDN, and the application uses standard security headers and parameterised database queries.
We collect only what we need to calculate your tax — your transactions and the accounts you choose to connect. Billing is handled by our payment provider; we do not store full card details.
Have a security question or want to report an issue? Email support@coinfig.tax and read how we handle personal information in our privacy policy.