From my little research on how data is secured at Koinly, it looks like they are not keeping any records of the personal information, like official name associated with the “portfolio” in their own database.
They are using stripe (https://stripe.com) to validate the purchase of the plan, that’s the one who have all the personal information I believe. I have always found strange as well not having 2FA, but maybe that’s the reason.
You are maybe just a number in their database, without anything else attached, at least it s what I’ve understood but I would love to have more clarification on this…
I really believe they should communicate a bit more on how privacy is handled. They could even put this in front of their webpage, people starts to care more about their privacy, and this awareness is just starting.
That would help to bring them more clients and also not lose any.