Serious About Security

We protect what matters most with enterprise-grade security.

A platform built for crypto’s unique risks

Organizational security

We protect your data by following key security principles: Confidentiality, Integrity, and Availability. Our approach aligns with top industry standards like ISO 7200x, NIST, and OWASP to ensure your personal information is kept safe and private.

Data protection

Our platform uses modern security controls, including Zero Trust (always verifying access), RBAC (permissions based on roles), MFA (extra login protection), and monitoring systems like SIEM and SOAR to detect and respond to threats.

Data encryption

We use AES256-bit encryption and TLS across all network connections to securely protect all of our data, backups and tokens, ensuring they stay confidential and out of the wrong hands.

Insurance & theft protection

We maintain comprehensive crypto asset insurance to help protect against loss or theft. Over 80% of assets are stored offline in secure cold storage, reducing risk and strengthening our security posture.

SOC 2 Type II certified

Newton has completed its SOC 2 Type II certification, which means that our platform's security controls are not only well-designed but also regularly audited to meet regulatory expectations.

Security operations.
Always on, always watching.

Monitoring & Incident Response

Our systems are monitored 24/7/365 to detect and respond to threats in real time. We conduct regular audits and internal control reviews to ensure operational resilience and regulatory alignment.

Threat
Management

We perform annual third-party penetration tests and monthly internal security reviews. Our active Bug Bounty program encourages responsible disclosure and helps us stay ahead of evolving threats.

Security & Fraud FAQs

Are there extra steps I can take to secure my accounts?

Setting up two-factor authentication wherever it’s available is a helpful security step you can proactively take. It may prevent a bad actor from accessing your account even if they have your password, so it’s worth taking the time to set it up.

Is it ever okay to share my seed phrase or private keys?

No. Not with support teams, not with “investment advisors,” not with anyone. A legitimate company or professional service provider would never ask for your seed phrase.

When someone has your seed phrase, they can import your wallet into their own device and drain every token, coin, and NFT in that wallet across every chain in seconds; no additional passwords or permissions needed. These transactions are irreversible. An exposed wallet should be considered compromised forever.

How can I avoid phishing scams?

You can reduce your risk by typing website addresses directly into your browser instead of clicking links in unexpected emails or messages. Even small spelling changes in a URL can signal a fake site, so always look before you click.

What are common red flags in investment messages?

Urgency is a big one. So are promises of guaranteed or risk-free returns. If the message pressures you to act immediately, pause and make sure taking the next action is in your best interest.

Are there personal rules I should follow?

A simple one: don’t send crypto to someone you haven’t met in person or independently verified. Once it’s gone, it’s rarely recoverable. Risk isn’t limited to digital assets; scams happen everywhere. Double-check links, and if something sounds too good to be true, it likely is. Report scams to the Canadian Anti-Fraud Centre or your provincial regulator, and if you believe your Newton account has been compromised, please contact us immediately.

How should I contact Newton customer support?

You can reach us by emailing [email protected] or by opening a ticket in the Newton app. We'll never contact you first, asking for account access or personal information.

Secure access

Continue in the Newton app.

Explore additional features

Fund, trade and manage your portfolio.