Screenshots, exported reports, audit history, transaction details, and support information may contain sensitive operational or customer information.
Users should handle this information carefully and only share it through approved channels, with the minimum information required to investigate or support the request.
Why secure handling matters
Custody-related information can reveal operational details about wallets, transactions, addresses, users, approvals, balances, workflows, or internal processes.
If shared inappropriately, this information could increase risks such as:
- Unauthorised disclosure of customer or organisational information
- Social engineering
- Targeted fraud attempts
- Exposure of wallet or transaction activity
- Leakage of internal operational processes
- Sharing of sensitive access or authentication information
What information may be sensitive?
Sensitive support or operational information may include:
- Wallet names or identifiers
- Addresses
- Transaction IDs or transaction hashes
- Portfolio balances
- Audit history exports
- User names and email addresses
- Role or permission information
- Approval workflow details
- Screenshots of BE Custody Web
- Screenshots of the Bitpanda Custody iOS app
- API or webhook error information
- Internal ticket references or operational notes
Not all of this information is secret, but it should still be handled carefully and shared only where there is a legitimate reason.
What should never be shared?
Never share:
- Passwords
- PINs
- Private keys
- Seed phrases or recovery phrases
- API keys
- API secrets
- Access tokens
- Device passcodes
- Full authentication details
- Any information that would allow someone else to access or approve custody activity
Bitpanda Enterprise Custody Support will not ask you to provide private keys, seed phrases, passwords, PINs, or API secrets.
How should I share screenshots?
Only share screenshots when they are needed to explain or investigate an issue.
Before sharing a screenshot, check whether it includes information that should be removed or obscured, such as:
- Personal information
- Unrelated wallet or transaction details
- Sensitive balances
- Internal notes
- Other customer or organisational information
- API credentials or tokens
- Authentication information
Use your organisation’s approved process for sharing screenshots externally.
How should I handle exported reports?
Exported reports and audit history should be treated as sensitive operational records.
Users should:
- Store reports only in approved locations
- Share reports only with authorised recipients
- Avoid sending reports through informal or unapproved channels
- Follow internal retention and deletion policies
- Remove or restrict access when reports are no longer needed
- Avoid downloading reports to unmanaged personal devices
What should I include in a support request?
Include enough information for the issue to be reviewed, but avoid unnecessary disclosure.
Where relevant, include:
- Your organisation name
- Your name and work email address
- A clear description of the issue or request
- The affected wallet, asset, network, transaction, user, or workflow
- The transaction ID or transaction hash, if relevant
- The approximate date and time
- Screenshots, if useful and appropriate
- Steps already taken
Do not include passwords, PINs, private keys, seed phrases, API keys, API secrets, access tokens, or other sensitive authentication information.
What if I shared sensitive information by mistake?
If you believe sensitive information has been shared incorrectly, follow your organisation’s internal escalation process immediately.
Depending on what was shared, your organisation may need to review access, rotate credentials, remove files, restrict recipients, or investigate recent activity.
Contact Bitpanda Enterprise Custody Support through the approved support channel if support is required.