Overview & Principles
- Data minimization: We do not ingest brokerage credentials or trade on your behalf. Public charts and institutional forms only.
- Defense-in-depth: Managed hosting, WAF/CDN, backups, and least-privilege access.
- Transparency: Clear disclosure channel and security.txt.
Hosting & Network
- Reputable cloud hosting with regional redundancy and automated snapshots.
- TLS 1.2+ in transit; storage protected by provider-level encryption at rest.
- CDN/WAF, basic bot filtering, and rate limiting for common routes.
Application Security
- Dependency management with regular updates; minimal server-side logic.
- Secure headers (HSTS where appropriate), CSP-first posture for new features.
- Least-privilege keys; secrets not stored in client code.
Accounts & Data
- No end-user accounts for retail; institutional forms only.
- Form submissions delivered to support@engineertrade.io; retained per our Privacy Notice.
Sub-processors
- Hosting/CDN: Cloud provider for static assets and security edge.
- Analytics: Plausible (cookieless, privacy-centric).
- Email/Form routing: Standard email infrastructure.
Vulnerability Reporting (Responsible Disclosure)
If you believe you’ve found a security issue, email support@engineertrade.io with details and reproduction steps. Please avoid accessing data that isn’t yours and give us reasonable time to remediate before public disclosure.
Security.txt: /.well-known/security.txt
Incident Response
- Severity-based triage; confirm, contain, eradicate, and recover.
- Notify affected parties and regulators when required.
- Post-incident review and hardening.
Compliance Roadmap
We are a visual research overlay. Formal attestations (e.g., SOC 2 Type I) will be considered as the platform matures and customer requirements justify them. Current focus: controls that materially reduce risk for non-custodial research content.