
Protecting your funds is our top priority

GOin has a comprehensive security program certified compliant with ISO 27001:2022 by Bureau Veritas to ensure the protection of your funds and personal data.

Custody, a pillar of trust for your crypto-assets

The crypto-asset custody service has been certified compliant with the ISO 27001:2022 standard by Bureau Veritas.

Crypto-assets held on behalf of clients are segregated from the company's own funds.

To secure them, GOin uses Fireblocks technology, one of the leaders in the field, recognized for its robustness and reliability.
Fireblocks is SOC 2 Type II certified and regularly undergoes penetration testing by ComSec and NCC Group. It is also certified by the International Organization for Standardization for security (ISO 27001), cloud (ISO 27017), and privacy (ISO 27018).

Fireblocks

The digital vaults offered by Fireblocks are based on the MPC-CMP protocol (Multi-Party Computation-Cryptographic Multi-Party).

MPC-CMP is a revolutionary approach in cryptography that secures transactions and crypto-asset custody by distributing cryptographic keys among multiple parties. Rather than relying on a single private key, MPC-CMP divides the information needed to validate a transaction among several independent entities. No party holds enough information to act alone, thus eliminating a single point of failure.

This protocol offers major advantages:

  • Enhanced Security — By distributing cryptographic keys, the risk of asset theft or loss is significantly reduced. Even if some keys are compromised, your assets remain protected.
  • Operational Efficiency — MPC-CMP reduces the complexity and time required to perform secure transactions, improving operational efficiency while maintaining a high level of security.
  • Flexibility and Control — This technology enables flexible implementation of security policies (administration quorum, for example) without compromising security.

By integrating Fireblocks' MPC-CMP into its infrastructure, GOin ensures state-of-the-art security for the custody and management of your crypto-assets.

ISO/IEC 27001 is the most widely known international standard for information security management systems (ISMS).

It is part of the ISO/IEC 27000 family of standards, developed to help organizations secure their information and manage information security risks.

ISO 27001:2022 Certified Security Program

GOin's information security management system has been certified compliant with ISO 27001:2022 by Bureau Veritas. This certification covers all services provided by GOin:

  • Crypto-asset custody
  • Crypto-asset brokerage (buying and selling against fiat currency, exchanges between crypto-assets)
  • Third-party crypto-asset portfolio management
  • Advice to crypto-asset subscribers

GOin has implemented recommendations and best practices in information security management organized into different domains, such as asset management, access control, cryptography, physical and environmental security, operations and communications management, systems acquisition, development and maintenance, information security incident management, business continuity, and compliance.

In addition to these measures, GOin has a managed SOC (Security Operations Center) that ensures continuous monitoring of its entire information system. This operational center, active 24 hours a day, 7 days a week, detects, analyzes, and responds in real time to potential threats, ensuring proactive and enhanced protection against security risks.

Our ISO 27001 certification by Bureau Veritas and our Security Assurance Plan are made available to our clients and partners upon request.

A robust infrastructure, protected and compliant with international standards

GOin's infrastructure is hosted on AWS, the global leader in cloud services, in data centers located in France and Germany. AWS maintains a list of reports, certifications, and third-party assessments to ensure best security practices. For more information on AWS compliance, please refer to their compliance program.

The data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information about AWS data centers and their security controls can be found on their dedicated page.

GOin's technical teams follow best practices in terms of AWS architecture and configuration. Our infrastructure has been audited by PASSI-approved auditors.

Data Protection

Data in transit and at rest is systematically encrypted, ensuring its confidentiality and integrity during transfer. Additionally, mutual authentication is required, whenever technically possible, to allow data decryption, thereby strengthening protection against unauthorized interception.

GOin implements rigorous logging to ensure traceability of actions performed by its teams and clients. Logs include detailed information about actions taken, security events, transactions, and changes made to systems and data.

The collection and retention of logs enable GOin to monitor activities, detect potential anomalies or intrusion attempts, and facilitate investigations in case of security incidents.

For more information on the protection of your data, please refer to our personal data protection policy.


Questions about security?

Consult our FAQ for more information about the security of your crypto-assets.
