Coinfloor holds client fiat (i.e. GBP, EUR, PLN and USD) funds in a client funds account at
LHV Bank in Estonia, one of Europe's fastest growing and most innovative banks.
As banking relationships are a high priority for any Bitcoin company, we
maintain accounts with several other banks in Europe to avoid any downtime
for Coinfloor’s services. In all cases, the banks are fully aware of the
nature of our business.
We are actively seeking to add further payment options through ongoing
research and development, partnering with innovative payment providers and
lobbying government and UK-based banking institutions.

Bitcoin security - We are paranoid about security

Coinfloor operates with a 100% cold storage policy. All our client
bitcoins are received, stored and sent out from within multiple underground
vaults which maintain the same security standards as the Bank of England.
Coinfloor is the first bitcoin exchange to hold all client bitcoins in
multi-signature Pay-to-Script-Hash (P2SH) cold storage.
Our system has been built such that no single person, server, vault
location or device failure could compromise the integrity of client bitcoins.
No client bitcoins are ever stored on a server, ensuring that in the unlikely
event that an attacker gains complete access to any of our online servers,
our client bitcoins would not be compromised.
Coinfloor is providing company-owned bitcoins to fund the Advance Withdrawals service,
allowing users to withdraw up to 2 bitcoins without waiting for a cold storage withdrawal.
As a result of our 100% multi-signature cold storage policy, bitcoin withdrawals over 2
bitcoins take place up to 3 times a day during business hours. We believe that this
slower withdrawal speed is worth the peace of mind that comes from knowing no client
funds are ever accessible in a hot or warm wallet.
All users are required to set up either Authy or YubiKey two-factor
authentication, meaning that if someone were to find out a user’s username
and password, they would still not be able to log into the account without
the user’s Authy one-time password token or YubiKey.
We have multiple levels of security and application separation, starting
with web application firewalls provided by Incapsula that monitor all incoming
web traffic, continuing through multiple internal firewalls and security
measures, and extending to logical and physical compartmentalisation of all
key applications.
External penetration tests are regularly performed by a highly regarded penetration
testing firm with extensive experience in testing financial institutions and ecommerce

How we keep you safe

Coinfloor is registered at Companies House
with registration number 08493818 and maintains communication with the
UK's Financial Conduct Authority (FCA) and the European Commission.
In order to comply with our registration, potential future
regulatory requirements and any applicable
laws, it is important that we have in place a series of policies and
procedures designed to protect Coinfloor and our customers.
It is our responsibility to safeguard our
services from being used for money laundering and the facilitation of
terrorist financing. It is for this reason that we require all of our
customers to go through an application and verification process to become a
Coinfloor client before they are formally engaged with Coinfloor. Other
safeguards including ongoing monitoring and flagging of suspicious
activities are also put in place in order to protect Coinfloor and our

Data Protection: Coinfloor is registered with the
Information Commissioner’s Office under the Data Protection Act and we are
required by law to store your information to the highest of standards. Your
financial information is safe with us. Our registration number is
All the information supplied by you is
transmitted via Transport Layer Security (TLS) protocol. Once we have
received your information, we use strict procedures and security processes
to prevent any unauthorised access. Your data can only be accessed by
authorised Coinfloor staff who are required to keep the information
confidential and have passed a criminal background check as part of the

Two-Factor Authentication: We believe that Two-Factor
Authentication (2FA) should be a required standard for any financial
services company. Passwords alone are insecure and in order to follow the
“something you have” and “something you know” standard of security, we
require the use of 2FA for all users, all of the time.