The Steps We Take to Secure Your Account

Securing your data, account, and funds is Bitvavo's main priority. This page describes specific steps we have taken to ensure the security and reliability of the Bitvavo platform.

Account protection

Wide Range of Security Options

Bitvavo offers users multiple options to secure their account and their funds. Optional security settings are presented and communicated as clearly as possible to ensure that Bitvavo users are well protected against security-related incidents.

  • Two Factor Authentication (2FA)
  • Device & IP Management
  • Security Notifications
  • Withdrawal Whitelist
  • Anti-Phishing Protection

Cold Wallets

Bitvavo stores the vast majority of digital assets in cold wallets. These funds are stored offline in secure locations, and moving them requires manual action that is regulated by strict access protocols.

Vaults

Bitvavo's cold storage is kept in bank-grade vaults with 24/7 monitoring. All the vaults meet the strict requirements of safety category 4+. This is the highest security category in the Netherlands.

Geographic Distribution

Bitvavo's cold storage devices are distributed across many different geographic locations to protect against destructive physical risks such as fires or environmental disasters.

API Protection

Secure Your Automated Access

Bitvavo takes various steps to ensure secure and reliable API access for its users. Set up a secure API environment by explicitly granting read, trade, and withdraw access. Use IP and withdrawal address whitelists to protect yourself against malicious requests or withdrawals.

  • Permission-Based Access
  • IP Whitelist
  • Withdrawal Address Whitelist

Uptime & Redundancy

To ensure reliable access, Bitvavo hosts vital services in multiple availability zones with automatic failovers. In case of an outage, these failovers automatically redirect traffic to available services.

Certified Data Centers

Bitvavo uses data centers compliant with the following certifications: ISO 9001, ISO 27001, ISO 27017, PCI DSS Level 1, SOC 1 - 3. These standards help Bitvavo to achieve high levels of security and compliance in its cloud infrastructure.

Auditing & Advanced Monitoring

Bitvavo uses extensive logging for employee access and employs advanced monitoring tools to detect abnormalities. It uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.

Company

Organization is key

Bitvavo has made several efforts to set up its organization and team with a security-first approach.

Located in the Netherlands

Bitvavo is located in Amsterdam, the Netherlands, and is subject to the EU's General Data Protection Regulation (GDPR). A foundation, Stichting Bitvavo Payments, has been established, which operates exclusively for Bitvavo and functions as a bankruptcy-remote vehicle for safeguarding users' funds.

Screened Employees

All Bitvavo employees have passed a background check and have provided a certificate of good conduct. The Bitvavo team organizes regular internal training sessions to raise awareness and educate its members about security-related matters and best practices.

Security Audits

Code is reviewed by multiple specialized IT security firms. In addition, penetration tests are executed to try to breach our systems. This process is repeated on each major code change to maintain the resilience and level of security of the Bitvavo systems.

Responsible Disclosure

Bitvavo acknowledges that any platform can contain security vulnerabilities; there is no such thing as absolute security. Get rewarded for discovering potential exploits and security vulnerabilities.