Security
Protecting your data is fundamental to everything we build. This page describes the security practices we follow to keep your personal information and portfolio data safe.
No system is 100% secure. While we strive to use commercially reasonable safeguards, we cannot guarantee absolute security. We are committed to continuously improving our security posture.
Data Encryption
We use industry-standard encryption to protect your data. Communication between your browser and our servers is secured using TLS 1.2 or higher. We use encrypted storage services provided by our cloud infrastructure to protect stored data, including your portfolio holdings and personal information.
Access Controls
Access to user data is restricted to authorized personnel on a need-to-know basis, following the principle of least privilege. We use multi-factor authentication on infrastructure and administrative accounts. Access permissions are reviewed regularly, and unused access is revoked promptly.
Infrastructure Security
Our platform is hosted on enterprise-grade cloud infrastructure with DDoS protection, web application firewalls (WAF), and network-level security controls. Production and test environments are separated with independent credentials.
Monitoring and Logging
We monitor our systems for unauthorized access attempts and security events. Security logs are retained for investigation and audit purposes. Unusual activity is investigated promptly.
Incident Response
We maintain an incident response plan to detect, contain, investigate, and remediate security events. In the event of a data breach, affected users will be notified as required by applicable law. Security incidents are documented and reviewed to prevent recurrence.
Third-Party Security
Our infrastructure and service providers maintain industry-standard security practices and certifications. We evaluate vendor security practices before and during engagement.
Vulnerability Management
We apply security patches on a priority basis: critical vulnerabilities within 24–48 hours, high-severity within 7 days, and medium-severity within 30 days. Application dependencies are regularly updated and monitored for known vulnerabilities.
Reporting Security Issues
If you discover a security vulnerability or have a security concern, please contact us immediately. We take all reports seriously and will investigate promptly.
Contact Us
For security concerns, vulnerability reports, or questions about our security practices, please contact us at [email protected]. We aim to respond to security reports within 24 hours.
For details on how we collect, use, and protect your data, see our Privacy Policy.