Company

Security & Compliance

Enterprise-grade security for Bitcoin banking infrastructure. ISO 27001 certified and continuously monitored.

ISO 27001 Certified

Galoy has achieved ISO 27001 certification, the international standard for information security management systems (ISMS). This certification demonstrates our commitment to:

  • Systematic Risk Management

    Identifying, assessing, and treating information security risks

  • Continuous Improvement

    Regular review and enhancement of security controls

  • Third-Party Validation

    Independent audits by accredited certification bodies

View Certificate

Certificate: ISMS-GA-1-1324

A-LIGN ISO 27001 Certification Badge

Security Practices

How we protect your Bitcoin banking infrastructure

Full Audit Trail

Complete, immutable history of all system actions and transactions. Every operation is logged and traceable, supporting regulatory examinations and internal governance requirements.

End-to-End Encryption

All data in transit and at rest is encrypted using industry-standard protocols (TLS 1.3, AES-256).

Regular Penetration Testing

Third-party security firms conduct regular penetration tests and vulnerability assessments.

24/7 Security Monitoring

Continuous monitoring of all systems with automated alerting for suspicious activity.

Access Controls

Role-based access control (RBAC) with principle of least privilege for all system access.

Disaster Recovery

Comprehensive backup and disaster recovery procedures with regular testing and validation.

Responsible Disclosure

We take security vulnerabilities seriously and appreciate the efforts of security researchers who help keep our systems safe.

Reporting a Vulnerability

If you discover a security vulnerability, please report it to us responsibly:

  • Email: security@galoy.io
  • Include detailed steps to reproduce the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • Do not access or modify customer data

Our Commitment

We are committed to working with security researchers and will acknowledge valid reports. Your responsible disclosure helps us maintain the highest security standards for our users.

Questions About Security?

Our team is ready to discuss how Galoy meets your institution's security requirements.

Contact Security Team View Products