Security at Circle.
How we protect customer funds, infrastructure, and data. Plus how to reach our security team if you find something.
Security is the product.
When you're holding tens of billions of dollars in reserves and securing infrastructure that moves trillions, security can't be a layer bolted on — it has to be the foundation. Circle operates under SOC 1, SOC 2, and ISO 27001 with continuous controls and independent audits.
We run a public bug bounty paying up to $1M for critical findings, follow a coordinated disclosure policy, and invest heavily in educating customers about phishing and impersonation.
- SOC 1, SOC 2, and ISO 27001 with annual audits
- Bug bounty up to $1M via HackerOne
- Coordinated disclosure with a 90-day patch SLA
SOC 1, SOC 2, ISO 27001
Annual audits and continuous controls.
Bug bounty
Up to $1M for critical findings via HackerOne.
Disclosure policy
Coordinated disclosure with 90-day patch SLA.
Customer education
How to spot phishing, scams, and impersonators.
Questions worth asking.
Build with Circle.
Start in the sandbox, ship to production in days. Or talk to our team about a deeper partnership.