FAQ: Security

What happens in the event of Tangany's insolvency?

Tangany stores customers' crypto assets strictly separate from its own corporate assets. Even in the case of insolvency, the clear allocation of custodied crypto assets to individual customers is guaranteed. As a regulated financial service provider, Tangany is supervised by BaFin and the Bundesbank and is required to report its financial position quarterly.

How are my crypto assets secured by Tangany?

As a crypto custodian, Tangany is fundamentally liable to its customers for the loss of crypto assets or the access tools to those assets resulting from an incident attributable to Tangany. The custodian's liability is limited to the market value of the lost crypto assets at the time of the loss.

Incidents not attributable to the custodian include any event where the custodian can prove it occurred independently of the service provided or the custodian's processes. Such an issue could arise, for example, from problems within the blockchain network, which the custodian cannot control.

To mitigate liability risks, Tangany maintains insurance coverage for scenarios such as operational errors and criminal actions. Since these insurance policies apply to incidents that may affect one or more customers, no fixed coverage limit can be guaranteed for individual customers.

How does Tangany ensure the necessary security?

Tangany is responsible for the secure custody of your crypto assets in blockchain wallets. All customer assets are protected using state-of-the-art cryptographic technologies such as HSM (Hardware Security Modules) and MPC (Multi-Party Computation). The private key granting access to the blockchain wallets cannot be accessed by Tangany employees or third parties under any of the technologies employed.

Tangany undergoes regular security audits conducted by German regulatory authorities and specialized audit and certification firms.

How is my data protected at Tangany?

Tangany strictly adheres to all applicable provisions of the General Data Protection Regulation (GDPR). This means we handle your data with the utmost care and process it only for purposes necessary to deliver our services.

Tangany is also subject to statutory recording and retention obligations under the German Anti-Money Laundering Act (§ 8 GwG). This means we are legally required to retain certain data for a period of five years. This obligation remains binding even if you request the deletion of your data, and in such cases, immediate deletion cannot be accommodated.

What certifications does Tangany hold?

Tangany is ISO 27001:2022 certified, demonstrating that we have implemented a comprehensive Information Security Management System (ISMS) across the organization to ensure the protection of information according to the principles of integrity, confidentiality, authenticity, and availability.

In addition, Tangany complies with BaFin's regulatory requirements by adhering to relevant guidelines, including the BSI Standard 200-1 (Information Security Management Systems), MaRisk (Minimum Requirements for Risk Management), and BAIT (Supervisory Requirements for IT in Financial Institutions).

Tangany is also continuously enhancing its compliance framework to meet the requirements of the Digital Operational Resilience Act (DORA). DORA complements and extends the BAIT guidelines to ensure greater operational resilience.