Through NODE40 Balance, you as the customer are able to make a connection between the NODE40 Balance application and your account on Coinbase by using Coinbase's OAuth2 security model. At no point does your password get transmitted, logged, or stored by NODE40 servers. This is similar to how many web sites allow you to "Sign in with Google" or "Sign on with Facebook".
In this case, you are signing into Coinbase. We have configured the link to be read-only. This means that even if the link were to become compromised (very highly unlikely), the most that could be done to your Coinbase account is that pass transaction details and your username/profile could be read. Nothing else. NODE40 cannot create trades or effect any balances whatsoever. NODE40 receives a authorization token to your Coinbase account with the ability to read your data. That token is encrypted and signed using a key that is generated on the fly and is unique to you only.
At anytime, you can log into your Coinbase account and unlink NODE40 if you ever feel uncomfortable. Our approach to this model follows industry standards and we implement strong encryption out of an abundance of caution. Our success depends on keeping your information private and secure. We take it very seriously.
You can read more about Coinbase Security here: https://developers.coinbase.com/docs/wallet/coinbase-connect
You can read more about OAuth2 in general here: https://oauth.net/2/