Q: How does Cobalt secure user data?
A: From the moment you visit the Cobalt site, all communication between your web browser and the Cobalt servers is encrypted. Strong passwords are required during account creation. We use secure third party services like Amazon Web Services and Heroku for hosting, and have implemented many additional layers of security to protect our users.
Q: What security practices do Cobalt employees follow to prevent data leaks?
A: All Cobalt employees are required to use strong, unique passwords and use 2-factor authentication with Authy or Google Authenticator wherever possible. Additionally, employees use password managers, employ screen-locking, and encrypt local hard drives to protect data. More information on our internal security practices can be found here.
Q: How does Cobalt ensure safe payment processing?
A: Cobalt uses Stripe & Coinbase for payment processing, which ensures that we do not store credit card or payment details for users. Stripe meets PCI Service Provider Service Requirements, and more information about their security can be found here.
Q: I have found a vulnerability on Cobalt. How can I report it?
A: Any site vulnerabilities you find can be reported to Cobalt's vulnerability disclosure email address at firstname.lastname@example.org.