Security at TradersCompanion

We take the security of your trading data seriously. Here's how we protect it.

Data Encryption

All data in transit is encrypted using TLS 1.2 or higher. Passwords are stored using a salted bcrypt hash — your actual password is never stored or readable by us.

Secure Infrastructure

TradersCompanion runs on cloud infrastructure with strict network access controls and firewall rules. Database access is restricted to application servers only — no public exposure.

Minimal Data Access

Your trade data is private and only accessible to you. Internal access to user data is restricted on a need-to-know basis and is logged for audit purposes.

Authentication

Sessions are managed with secure, HTTP-only cookies. We enforce password strength through minimum-length requirements. Two-factor authentication (2FA) is on our development roadmap.

Dependency Management

We actively monitor our software dependencies for known vulnerabilities using automated tooling and update critical packages promptly.

Incident Response

In the event of a data breach that affects your personal data, we will notify affected users and the Dutch Data Protection Authority (AP) within 72 hours as required by GDPR.

Security Best Practices

We encourage all users to:

  • Use a unique, strong password for your TradersCompanion account.
  • Not share login credentials with anyone.
  • Regularly export a copy of your trade data as a personal backup.
  • Report any suspicious behaviour immediately (see below).

Responsible Disclosure

If you discover a security vulnerability in TradersCompanion, please report it to us privately before disclosing it publicly. We commit to:

  • Acknowledging your report within 5 business days.
  • Investigating and resolving confirmed vulnerabilities promptly.
  • Not taking legal action against researchers who act in good faith.

Please do not access, modify, or delete user data beyond what is necessary to demonstrate the vulnerability. Do not perform denial-of-service attacks or social engineering against our users or team.

Report vulnerabilities to support@traderscompanion.org. Please encrypt sensitive details using our PGP key (available on request).

What We Do Not Do

  • We never sell your trade data or personal information to third parties.
  • We never use your trade data to make trading decisions or share it with any trading entity.
  • We never request your broker or exchange API keys (we use CSV import only).
  • We never ask for your password via email or support chat.

Contact

Security concerns or general questions: support@traderscompanion.org