Security

At TradersPost, protecting the security and safety of your accounts and identity is one of our highest priorities. We deploy modern software development, operational and security best practices in order to keep your accounts safe.

TradersPost customers can access their accounts safely and securely online from any device that is connected to the internet and has a web browser. TradersPost uses modern and secure technologies and other internal processes to ensure that your accounts stay safe and you can access them reliably. Here are some of the ways that we keep your account safe.

  • We deploy automated system monitoring and vulnerability detection software that constantly monitors our software to keep you safe.
  • Automated Continuous Integration and Continuous Deployment processes continuously test the software for vulnerabilities and bugs as we make changes.
  • Our software is secured using 256-bit data encryption (TLS/SSL) to ensure your data is protected whenever you access your accounts.
  • Your TradersPost password is hashed and encrypted using a cryptographically secure algorithm.
  • All data is encrypted at rest when stored on disk.
  • When you authorize TradersPost to access your brokerage accounts, we encrypt and store the access token they provide us. We never store your brokerage account username or password, and they never pass through our servers or network.
  • Accounts can optionally enable two-factor authentication (2FA). By enabling 2FA, you add an extra layer of protection to your account that goes beyond just a password. With 2FA, you will need to provide a second form of authentication, such as a code generated by an app, in addition to your password, to log in to your account.

Compliance & Security Standards

TradersPost leverages infrastructure and services that are SOC 2 and PCI DSS compliant through our hosting providers, Heroku (Salesforce) and Google Cloud Platform. Our infrastructure and operational controls are aligned with industry-standard security frameworks and best practices.

Infrastructure & Hosting Security

  • All production systems are hosted on Heroku and Google Cloud Platform.
  • Physical data center security is enforced and regularly audited by our hosting providers.
  • Network isolation, firewalls, and DDoS protection mechanisms are in place at the infrastructure level.
  • Hosting providers perform regular third-party audits to validate security and compliance.

Access Controls & Authentication

  • TradersPost follows the principle of least privilege when granting access to systems and data.
  • Internal systems use role-based access controls to restrict and manage permissions.
  • Multi-factor authentication (MFA) is enforced for internal administrative access.
  • Customers can optionally enable two-factor authentication (2FA) for their own accounts.

Monitoring, Logging & Incident Response

  • Centralized logging and monitoring are implemented across our production systems.
  • Automated alerts help detect and respond to suspicious activity quickly.
  • Incident response procedures are documented and periodically reviewed.
  • Business continuity and disaster recovery are backed by features provided through our cloud hosting providers.

Secure Development & Vulnerability Management

  • Development and deployment use secure CI/CD pipelines with access controls and audit trails.
  • Automated vulnerability scanning is performed as part of the software release process.
  • Our coding practices are aligned with the OWASP Top 10 security guidelines.
  • TradersPost maintains a strict separation between development and production environments.

We take your safety and security very seriously. If you have any questions or concerns, please email our support team at [email protected].