
MoonPay Security

Security and privacy are top priorities at MoonPay. We put our customers' and partners' safety first while emphasizing user ownership.


Custody

MoonPay remains a non-custodial agent in all customer dealings. MoonPay does not custody any customer funds purchased on the platform and transfers assets directly to/from customer-directed wallets. If the customer does not already have a wallet, a wallet may be created for them on the MoonPay platform, but the keys are only accessible to the user and escrowed away from all MoonPay employees.


Payment & Customer Data

All data sent to or from MoonPay's infrastructure is encrypted in transit using Transport Layer Security (TLS) version 1.2 or later. All MoonPay data is encrypted at rest using AES-256 block-level storage encryption and stored in ISO 27001 and PCI DSS compliant data centers. MoonPay is compliant with the General Data Protection Regulation (GDPR), ensuring that all customer and employee personal information is treated with the highest level of security and in a lawful manner. All payment information is processed and stored following the strict Payment Card Industry Data Security Standards (PCI DSS).


Secure Development

MoonPay employs processes and tooling to continuously deliver secure software to our cloud infrastructure and applications. All code changes go through a code review process and are subject to static application security testing (SAST) to detect insecure code patterns. All dependencies are automatically updated, and MoonPay's security team works hand in hand with engineering teams to provide assistance during the different stages of the software development lifecycle (SDLC). MoonPay engineers participate in regular security training on common vulnerabilities and secure development practices.


Internal Security

MoonPay employees are required to use company-provided devices that are managed through a mobile device management solution. This allows our security and IT teams to enforce security policies, deploy other endpoint protection solutions and manage devices remotely. All employees are required to use Single Sign-On and Multi-Factor Authentication to access third-party applications and services. Employees are subject to background checks prior to employment and receive training on security guidelines. Employees are held to stringent security standards and interface regularly with the Security team.

Bug Bounty Program

As part of our commitment to security, we welcome vulnerability submissions through our bug bounty program on HackerOne. MoonPay strongly believes in the value of collaborating with the security community to continuously test and improve the security of our platform. If you have discovered a vulnerability on MoonPay, we encourage you to report it through our bug bounty program at hackerone.com/moonpay.


Protecting yourself from fraud

Learn about how you can protect yourself from fraud.


Partners

For enterprise collaborations, please view our Trust Report for details on our certifications and security program.
