Security

Bank-Level Security for Your Research

Your financial data powers your AI research team. We protect it with the same rigor as institutional systems.

256-bit AES Encryption

All data is encrypted at rest and in transit using military-grade AES-256 encryption.

SOC 2 Type II Certified

Our security practices are independently audited and certified to meet the highest standards.

Read-Only Access

We only request read-only access to view your positions. We can never move your money.

No Credential Storage

Your login credentials are never stored on our servers. We use secure OAuth through Plaid.

Two-Factor Authentication

Protect your account with optional 2FA using authenticator apps or SMS.

Regular Penetration Testing

Our systems are regularly tested by third-party security firms to identify vulnerabilities.

Certifications

Industry-Leading Compliance

Our security practices meet the highest industry standards.

SOC 2 Type II

Annual audit for security, availability, and confidentiality

GDPR Compliant

Full compliance with European data protection regulations

CCPA Compliant

California Consumer Privacy Act compliance

PCI DSS

Payment Card Industry Data Security Standard

How We Protect Your Data

A look at our security architecture and data handling practices.

Data in Transit

All data transmitted between your device and our servers is encrypted using TLS 1.3. We enforce HTTPS across all endpoints and use certificate pinning in our mobile apps.

Data at Rest

Your financial data is encrypted at rest using AES-256 encryption. Encryption keys are managed using AWS KMS with automatic key rotation. Database backups are encrypted and stored in geographically distributed, SOC 2 certified data centers.

Account Access

We connect to your financial accounts through Plaid, a SOC 2 certified data aggregation service. Your bank credentials are never stored on our servers—we only receive read-only access tokens. You can revoke access to any connected account at any time.

Infrastructure Security

Our infrastructure is hosted on AWS with VPC isolation, security groups, and WAF protection. We perform regular penetration testing through third-party security firms and maintain a bug bounty program for responsible disclosure.

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure and reward valid reports.

Report a Vulnerability