Heaps takes extensive security measures to help keep your crypto account safe and secure.
Summary of Heaps security features
- Two-step verification is required for all accounts
- All Heaps data is stored encrypted with bank-level AES-256 encryption
- All traffic is encrypted using industry standard TLSv1.2 encryption
- Heaps does not store nor have access to the private keys for your cryptocurrency stored with our custodial partner, Prime Trust
- Two-step verification is required for withdrawals and key account activities, including a transaction confirmation with Prime Trust via email
- Heaps requires a 48-hour security window when adding any new wallet address, with notification via email for added precaution
- Heaps is SSL encrypted to protect you when using the site
- Prime Trust carries an extensive insurance policy to protect digital assets
Ultimately, security is a shared responsibility. Be sure to follow our actionable tips to help keep your account safe from unauthorized access.
Where is my crypto stored?
When you buy cryptocurrency using Heaps, your coins are stored by a licensed and regulated Nevada chartered trust company, Prime Trust, which secures billions of dollars worth of fiat and cryptocurrency for some of the largest companies in the industry.
Your cryptocurrency and cash are stored under your name with Prime Trust, with you as the sole legal owner. Heaps does not have the ability to move your funds.
Your cryptocurrency is stored in offline cold-storage wallets using best-in-class security practices and technologies, and you are able to withdraw crypto to your own wallet at any time.
Heaps cannot move your crypto or cash without your authorization
In order to ensure that only you can move crypto or cash out of your account, you will receive a direct confirmation of withdrawal from Prime Trust whenever you withdraw cash or crypto. This email is delivered directly from Prime Trust, and requires your authorization to move crypto from Prime Trust cold storage wallets to your own, or to move cash from your Prime Trust account to your bank account.
How does money move from my bank account to buy crypto?
When you link your bank account to Heaps, your bank information is passed to and stored directly with Prime Trust, a licensed and regulated trust company, into an account registered legally under your name. Heaps never stores your bank information and has no ability to withdraw from your bank.
Cash deposits into Heaps via ACH are initiated directly by Prime Trust. In most cases, Heaps makes your funds available to buy crypto instantly. Funds cannot be withdrawn from Heaps until 10 days have passed from the time of deposit.
What personal data does Heaps store?
Heaps stores the minimal personal data required to be compliant with regulations. Currently, this is limited to your name, email, address, phone number, date of birth, and the last four digits of your social. This information is stored in an encrypted database.
While our site collects social security numbers and identity documentation as required by law to open a trust account with Prime Trust, this information is relayed directly over an encrypted connection to be securely processed by Socure, a leading identity verification service trusted by thousands of top financial institutions. This information is never stored on Heaps servers.
How is my data secured?
- All Heaps data is stored encrypted with military-grade AES-256 encryption
- All traffic is encrypted using industry-standard TLSv1.2 encryption
- Heaps does not store nor have access to the private keys for your cryptocurrency stored with our custodial partner, Prime Trust
What happens if Heaps goes out of business?
All of your fiat and crypto holdings are stored in an account in your name with Prime Trust. In the unlikely event of Heaps going out of business, you still have legal control of funds stored within Prime Trust and can request disbursement using your email. Contact Prime Trust for more information.
Reporting security issues
If at any time you have security concerns, questions, or have found a critical security vulnerability, please contact us immediately via support@getheaps.com.