Exported reports from BE Custody may contain sensitive operational, financial, transactional, user, wallet, address, or audit information.
Users should handle exported reports carefully and only store, share, or process them through systems approved by their organisation.
Why secure handling matters
Reports and audit exports may reveal information about custody activity, including balances, transactions, users, approvals, wallets, addresses, timestamps, and operational workflows.
If handled incorrectly, exported reports may increase risks such as:
- Unauthorised disclosure of organisational or customer information
- Exposure of wallet or transaction activity
- Leakage of internal operational processes
- Misuse of audit or reporting data
- Social engineering
- Unauthorised onward sharing
- Loss of control over sensitive records
What information might be included in exported reports?
Depending on the report type and your organisation’s configuration, exported reports may include information such as:
- Wallet names or identifiers
- Asset balances
- Transaction details
- Transaction IDs or hashes
- Addresses
- User names or email addresses
- Approval activity
- Audit events
- Timestamps
- Operational notes or references, where applicable
Not all exported information is secret, but it should still be treated as sensitive operational data.
Where should exported reports be stored?
Exported reports should only be stored in locations approved by your organisation.
This may include approved document management systems, secure internal drives, compliance systems, audit repositories, or other controlled storage locations.
Avoid storing reports in:
- Personal cloud storage
- Unapproved shared folders
- Local files on unmanaged devices
- Email inboxes where retention and access are not controlled
- Chat channels or informal file-sharing tools
- Public or externally accessible locations
Who should reports be shared with?
Reports should only be shared with authorised recipients who have a legitimate business need to access them.
This may include authorised users in:
- Operations
- Treasury
- Compliance
- Finance
- Audit
- Security
- Legal
- Management or governance functions
Before sharing externally, follow your organisation’s approval process and confirm whether confidentiality, data protection, or contractual requirements apply.
How should reports be shared?
Use your organisation’s approved secure sharing process.
When sharing reports, consider:
- Whether the recipient is authorised
- Whether the full report is required
- Whether a redacted version is more appropriate
- Whether access should be time-limited
- Whether onward sharing should be restricted
- Whether the transfer method is approved
- Whether the report should be encrypted or access-controlled
Do not share reports through informal or unapproved channels.
How long should reports be kept?
Report retention should follow your organisation’s internal record-keeping, audit, compliance, and data retention requirements.
Reports should be deleted, archived, or access-restricted when they are no longer required, in line with your organisation’s policy.
What should I do if a report was shared incorrectly?
If you believe an exported report has been shared with the wrong recipient, stored in an unapproved location, or exposed externally, follow your organisation’s internal escalation process immediately.
Your organisation may need to review access, remove files, restrict recipients, investigate onward sharing, or assess whether any further action is required.
If Bitpanda Enterprise Custody Support is needed, contact Support through the approved support channel.
Do not include passwords, PINs, private keys, seed phrases, API keys, API secrets, access tokens, or other sensitive authentication information in a support request.