Security Policy
How CoinAbout protects wallet login, subscription access, database transport, account sessions, and payment-sensitive workflows.
Last updated: June 1, 2026
A correct CoinAbout wallet sign-in prompt should show coinabout.com as the requesting domain.
Account and wallet security
CoinAbout wallet sign-in uses a server-issued challenge and a wallet signature. The domain named in the message you are asked to sign should match the CoinAbout domain (coinabout.com); check this before you approve it.
Disconnecting a wallet clears the CoinAbout wallet session. You may still need to disconnect or forget the site inside your wallet extension or mobile wallet.
Infrastructure controls
Production database connections are required to use verified SSL with certificate authority validation. Insecure TLS bypass settings are rejected in production.
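As an added illustration (not CoinAbout's own code), a startup check enforcing this rule could look like the following. It assumes a PostgreSQL-style connection URL using libpq's sslmode parameter and PGSSLMODE environment variable; the function names, environment label, and sample URL are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# libpq sslmode values that validate the server certificate against a CA.
VERIFIED_MODES = {"verify-ca", "verify-full"}
# libpq falls back to "prefer" when nothing is configured; it does not verify.
LIBPQ_DEFAULT_SSLMODE = "prefer"


class InsecureDatabaseConfig(ValueError):
    """Raised when a connection would skip CA validation in production."""


def effective_sslmode(url, env):
    """Resolve the sslmode libpq would use: URL parameter first, then PGSSLMODE."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("sslmode", [])
    if len(values) > 1:
        # Two sslmode values make the outcome depend on the driver; refuse to guess.
        raise InsecureDatabaseConfig("sslmode given more than once")
    if values:
        return values[0]
    return env.get("PGSSLMODE", LIBPQ_DEFAULT_SSLMODE)


def check_database_tls(url, env, environment):
    """Return True if the connection validates the CA; raise in production if not."""
    mode = effective_sslmode(url, env)
    verified = mode in VERIFIED_MODES
    if environment == "production" and not verified:
        raise InsecureDatabaseConfig(
            f"sslmode={mode!r} does not validate the server certificate against a CA"
        )
    return verified


if __name__ == "__main__":
    # Constructed sample URL (hypothetical host and database name).
    sample = "postgresql://app@db.example.internal/app?sslmode=require"
    try:
        check_database_tls(sample, {}, "production")
    except InsecureDatabaseConfig as exc:
        print("refusing to start:", exc)
```

Note that sslmode=require encrypts the connection but does not validate the certificate chain, so the check treats it as a bypass in production.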
CoinAbout uses secure cookies, rate limiting, input validation, access controls, CSRF protection for mutation surfaces, and operational health checks.
Payment safety
Subscription payment flows should show the chain, recipient, amount, and transaction state before access is granted. Always verify wallet prompts and destination addresses.
CoinAbout staff will never ask for your seed phrase, private key, remote wallet control, or backup file.
Responsible disclosure
If you find a security issue, contact hello@coinabout.com with a clear description, impact, affected URL or API, and safe reproduction steps.
Do not access, change, delete, or exfiltrate data that is not yours. Do not run denial-of-service tests or social engineering against users or staff.