Security

Your data security is our top priority

Our Security Commitment

At StockIQ, we understand that you're entrusting us with sensitive financial information. We employ industry-leading security practices and technologies to protect your data at every level.

Encryption

  • 256-bit AES encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • End-to-end encrypted backups

Access Control

  • Multi-factor authentication (MFA)
  • Role-based access controls
  • Session timeout and management

Infrastructure

  • SOC 2 Type II compliant data centers
  • Redundant backups and disaster recovery
  • 24/7 infrastructure monitoring

Monitoring

  • Real-time threat detection
  • Automated security alerts
  • Regular security audits

Data Security Practices

1. Data Encryption

All your portfolio data is encrypted with 256-bit AES when stored on our servers. When data travels between your device and our servers, it is protected by TLS 1.3, the latest version of the TLS protocol.

2. Access Controls

We implement strict access controls to ensure only authorized personnel can access our systems:

  • Multi-factor authentication (MFA) required for all team members
  • Principle of least privilege - access limited to what's necessary
  • Regular access reviews and audits
  • Background checks for all employees
  • Mandatory security training for all staff

3. Network Security

Our infrastructure is protected by multiple layers of security:

  • Web Application Firewall (WAF) to block malicious traffic
  • DDoS protection to prevent service disruptions
  • Intrusion Detection Systems (IDS) for real-time threat monitoring
  • Regular penetration testing by third-party security experts
  • Vulnerability scanning and patch management

4. Application Security

We follow secure development practices:

  • Security code reviews for all changes
  • Automated security testing in our CI/CD pipeline
  • Protection against OWASP Top 10 vulnerabilities
  • Regular security updates and patches
  • Secure API design with rate limiting

Data Privacy & Handling

What We Don't Do

We are committed to protecting your privacy:

  • We never sell your data to third parties
  • We never share your portfolio holdings with anyone
  • We never use your data for advertising
  • We never request your broker passwords - we only accept read-only exports
  • We never access your bank accounts directly

Data Isolation

Your portfolio data is strictly isolated:

  • Each user's data is logically separated in our database
  • No user can access another user's portfolios
  • Our support team can only view your data with your explicit permission
  • Automated systems process data without human access

Compliance & Certifications

StockIQ adheres to industry standards and regulations:

  • SOC 2 Type II: Third-party audited security controls
  • GDPR Compliant: European data protection standards
  • ISO 27001 (in progress): Information security management
  • PCI DSS: Secure payment processing (via certified partners)

Incident Response

In the unlikely event of a security incident:

  • We have a 24/7 incident response team
  • We will notify affected users within 72 hours
  • We conduct thorough post-incident analysis
  • We implement measures to prevent recurrence
  • We maintain cyber insurance for additional protection

Your Security Responsibilities

You can help keep your account secure by:

  • Using a strong, unique password - at least 12 characters with mixed case, numbers, and symbols
  • Enabling two-factor authentication (2FA) - adds an extra layer of security
  • Never sharing your credentials - even with support (we'll never ask)
  • Keeping your email secure - it's your primary recovery method
  • Logging out on shared devices - always log out when using public computers
  • Reviewing account activity - check for suspicious logins regularly
  • Reporting suspicious activity - contact us immediately if something seems wrong

Data Backups & Recovery

We maintain robust backup systems to protect your data:

  • Automated daily backups of all data
  • Backups stored in geographically distributed locations
  • Point-in-time recovery capability
  • Regular backup restoration testing
  • 30-day backup retention period

Third-Party Security

We carefully vet all third-party services:

  • Security assessments before integration
  • Regular vendor security reviews
  • Contractual data protection requirements
  • Limited data sharing (only what's necessary)

Reporting Security Issues

If you discover a security vulnerability or have security concerns:

🔒 Responsible Disclosure

Please report security vulnerabilities to our security team at:

Email: [email protected]

We appreciate responsible disclosure and will respond within 48 hours. We do not currently offer a bug bounty program but recognize and thank security researchers who help us improve.

Security Updates

This page is regularly updated to reflect our current security practices. Last updated: January 1, 2025

Questions?

If you have questions about our security practices, please contact us:

Security Team: [email protected]

General Support: [email protected]

Privacy Questions: [email protected]