FAQ: Security

What happens in the event of Tangany's insolvency?

Tangany holds customers' crypto assets exclusively on their behalf and strictly segregated from the company’s own assets. These assets do not form part of the insolvency estate, as they remain the property of the customers and are not recorded on Tangany’s balance sheet.

Even in the event of insolvency, the clear allocation of each asset to the respective customer remains fully traceable. This is ensured through individualized asset accounting and technical segregation.

As a regulated financial institution, Tangany is subject to ongoing supervision by the Federal Financial Supervisory Authority (BaFin) and the German Bundesbank. In addition, the company is required to regularly report its capital adequacy and to comply with regulatory requirements regarding risk management and asset segregation.

How are my crypto assets secured by Tangany?

As a crypto custodian, Tangany is fundamentally liable to its customers for the loss of crypto assets or the access tools to those assets resulting from an incident attributable to Tangany. The custodian's liability is limited to the market value of the lost crypto assets at the time of the loss.

Incidents not attributable to the custodian include any event where the custodian can prove it occurred independently of the service provided or the custodian's processes. Such an issue could arise, for example, from problems within the blockchain network, which the custodian cannot control.

To mitigate liability risks, Tangany maintains insurance coverage for scenarios such as operational errors and criminal actions. Since these insurance policies apply to incidents that may affect one or more customers, no fixed coverage limit can be guaranteed for individual customers.

How does Tangany ensure the necessary security?

Tangany is responsible for the secure custody of your crypto assets in blockchain wallets. All customer assets are protected using state-of-the-art cryptographic technologies such as HSM (Hardware Security Modules) and MPC (Multi-Party Computation). The private key granting access to the blockchain wallets cannot be accessed by Tangany employees or third parties under any of the technologies employed.

Tangany undergoes regular security audits conducted by German regulatory authorities and specialized audit and certification firms.

How is my data protected at Tangany?

Tangany strictly adheres to all applicable provisions of the General Data Protection Regulation (GDPR). This means we handle your data with the utmost care and process it only for purposes necessary to deliver our services.

Tangany is also subject to statutory recording and retention obligations under the German Anti-Money Laundering Act (§ 8 GwG). This means we are legally required to retain certain data for a period of five years. This obligation remains binding even if you request the deletion of your data, and in such cases, immediate deletion cannot be accommodated.

What certifications does Tangany hold?

Tangany is ISO 27001:2022 certified, demonstrating that we have implemented a comprehensive Information Security Management System (ISMS) across the organization to ensure the protection of information according to the principles of integrity, confidentiality, authenticity, and availability.

In addition, Tangany complies with BaFin's regulatory requirements by adhering to relevant guidelines, including the BSI Standard 200-1 (Information Security Management Systems), MaRisk (Minimum Requirements for Risk Management), and BAIT (Supervisory Requirements for IT in Financial Institutions).

Tangany is also continuously enhancing its compliance framework to meet the requirements of the Digital Operational Resilience Act (DORA). DORA complements and extends the BAIT guidelines to ensure greater operational resilience.