Security

How we protect your data and trading accounts

Security Overview

At Tradeeon, security is our top priority. We implement industry-standard security measures to protect your data, API keys, and trading accounts. This page outlines our security practices, certifications, and how we handle security incidents.

Production Ready

Comprehensive security measures implemented and verified

OWASP Compliant

Following OWASP Top 10 security best practices

Security Measures

Encryption

  • TLS 1.2+: All data encrypted in transit using industry-standard TLS protocols
  • HSTS: HTTP Strict Transport Security enforced with preload
  • API Keys: Encrypted at rest using Fernet symmetric encryption
  • Database: All sensitive data encrypted at rest

Authentication & Authorization

  • Supabase Auth: Industry-standard authentication service
  • Email Verification: Required before account access
  • JWT Tokens: Secure token-based authentication
  • Session Management: Secure session storage via Supabase

API Security

  • Rate Limiting: All endpoints protected (5-20 requests per 5-10 seconds)
  • CSRF Protection: CSRF tokens and Origin header validation
  • Input Validation: All user inputs sanitized and validated
  • Output Encoding: HTML entity encoding for all user-generated content
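The rate-limiting bullet above describes per-endpoint limits of 5-20 requests per 5-10 seconds. The following is an added illustration of how such a limit is typically enforced with a sliding-window counter keyed by client and path; it is example code written for this page, not Tradeeon's implementation. The endpoint-to-limit pairings, the client addresses and the fake clock are all constructed for the demonstration, since the page does not publish which endpoint receives which limit.

```python
"""Sliding-window rate limiter (added example, not Tradeeon's code).

The page only states that endpoints get 5-20 requests per 5-10 seconds.
The POLICIES table below is an ASSUMED pairing chosen for illustration.
"""
import time
from collections import defaultdict, deque

# Hypothetical policy table: path -> (max requests, window in seconds)
POLICIES = {
    "/api/keys": (5, 10),      # sensitive endpoint: tight limit
    "/api/orders": (20, 5),    # high-frequency endpoint: looser limit
}


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds per (client, path)."""

    def __init__(self, policies, clock=time.monotonic):
        self.policies = policies
        self.clock = clock                    # injectable for deterministic tests
        self._hits = defaultdict(deque)       # (client, path) -> request timestamps

    def check(self, client, path):
        """Return (allowed, retry_after_seconds) and record the hit if allowed."""
        limit, window = self.policies[path]
        now = self.clock()
        hits = self._hits[(client, path)]
        # Drop timestamps that have fallen out of the window.
        while hits and now - hits[0] >= window:
            hits.popleft()
        if len(hits) >= limit:
            # Oldest hit still in the window decides when the next slot opens;
            # this value is what a server would send in a Retry-After header.
            retry_after = window - (now - hits[0])
            return False, round(retry_after, 3)
        hits.append(now)
        return True, 0.0


class FakeClock:
    """Constructed clock so the simulation is reproducible."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate():
    """Burst 6 requests at 0.5 s spacing against the 5-per-10 s endpoint, then
    wait until the oldest hit expires. Returns the list of (allowed, retry_after)."""
    clock = FakeClock()
    limiter = SlidingWindowLimiter(POLICIES, clock)
    client = "203.0.113.7"                    # constructed (documentation range)
    results = []
    for _ in range(6):
        results.append(limiter.check(client, "/api/keys"))
        clock.advance(0.5)
    # t is now 3.0; jump to 10.5 so the hit recorded at t=0 has aged out.
    clock.advance(7.5)
    results.append(limiter.check(client, "/api/keys"))
    return results


def other_client_unaffected():
    """A second client has its own window and is not blocked by the first one."""
    clock = FakeClock()
    limiter = SlidingWindowLimiter(POLICIES, clock)
    for _ in range(5):
        limiter.check("203.0.113.7", "/api/keys")
    return limiter.check("198.51.100.9", "/api/keys")[0]


if __name__ == "__main__":
    for i, (allowed, retry) in enumerate(simulate(), 1):
        print(f"request {i}: {'allowed' if allowed else f'denied, retry after {retry}s'}")
```

The sixth request in the burst is rejected with a 7.5 s retry hint, and the request made after the oldest timestamp expires is admitted again. Keying the window on (client, path) rather than on the client alone is what lets a sensitive endpoint carry a tighter limit than a high-frequency one.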

Infrastructure Security

  • AWS CloudFront: DDoS protection and edge security
  • WAF: Web Application Firewall protecting against common attacks
  • Security Headers: Comprehensive HTTP security headers
  • Regular Updates: Dependencies updated and vulnerabilities patched

HTTP Security Headers

Implemented Headers:

  • ✓ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  • ✓ Content-Security-Policy: Comprehensive policy restricting scripts and resources
  • ✓ X-Content-Type-Options: nosniff
  • ✓ X-Frame-Options: DENY
  • ✓ Referrer-Policy: strict-origin-when-cross-origin
  • ✓ Permissions-Policy: Restricts geolocation, microphone, camera
  • ✓ X-XSS-Protection: 1; mode=block

Verify our security headers: securityheaders.com
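As a complement to the external check, here is an added example of auditing a response's headers against the policy listed above, using only the Python standard library; it is illustration code written for this page, not Tradeeon's tooling. Both header sets are constructed sample input: one mirrors the values published above, the other is deliberately weak to show what the checker reports. Pass a real response's header mapping to `audit_headers` to run the same checks against a live site.

```python
"""Audit HTTP security headers against the policy on this page.

Added example, not Tradeeon's code. GOOD_HEADERS and WEAK_HEADERS are
CONSTRUCTED sample responses; the CSP values are assumed for illustration.
"""

ONE_YEAR = 31536000


def parse_hsts(value):
    """Turn 'max-age=31536000; includeSubDomains; preload' into a dict."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            key, val = part.split("=", 1)
            directives[key.strip().lower()] = val.strip()
        else:
            directives[part.lower()] = True
    return directives


def audit_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        d = parse_hsts(hsts)
        try:
            max_age = int(d.get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < ONE_YEAR:
            findings.append(f"HSTS max-age {max_age} is below one year")
        if "includesubdomains" not in d:
            findings.append("HSTS lacks includeSubDomains")
        if "preload" not in d:
            findings.append("HSTS lacks preload")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")

    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp and "nonce-" not in csp:
        findings.append("CSP allows 'unsafe-inline' without nonces")

    safe_referrer = ("strict-origin-when-cross-origin", "strict-origin",
                     "same-origin", "no-referrer")
    if h.get("referrer-policy", "").lower() not in safe_referrer:
        findings.append("Referrer-Policy missing or too permissive")

    if "permissions-policy" not in h:
        findings.append("missing Permissions-Policy")

    # X-XSS-Protection is a legacy header that current browsers ignore; the
    # CSP is the effective control, so its absence is reported as informational.
    if "x-xss-protection" not in h:
        findings.append("info: X-XSS-Protection not set (legacy header)")
    return findings


# Constructed sample matching the values published on this page.
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-abc123'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "geolocation=(), microphone=(), camera=()",
    "X-XSS-Protection": "1; mode=block",
}

# Constructed weak sample: short HSTS, permissive CSP, missing headers.
WEAK_HEADERS = {
    "strict-transport-security": "max-age=3600",
    "Content-Security-Policy": "default-src *; script-src * 'unsafe-inline'",
    "X-Frame-Options": "ALLOWALL",
    "Referrer-Policy": "unsafe-url",
}


if __name__ == "__main__":
    for name, hdrs in (("good", GOOD_HEADERS), ("weak", WEAK_HEADERS)):
        print(name, audit_headers(hdrs) or "all checks passed")
```

The HSTS check parses `max-age` numerically rather than string-matching, so a policy with a shorter lifetime or without `includeSubDomains`/`preload` is caught even when the header is present; the CSP check is intentionally minimal and flags only the most common weakening, `'unsafe-inline'` without nonces.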

Vulnerability Disclosure

We take security seriously and appreciate responsible disclosure of vulnerabilities. If you discover a security issue, please report it to us.

How to Report:

Security Certifications & Audits

Current Status:

  • OWASP Compliance: Following OWASP Top 10 best practices
  • SSL/TLS: A-grade certificate configuration (AWS ACM)
  • GDPR Compliance: Privacy policy and data protection measures in place

Security Test Results:

Data Protection

What We Protect:

  • ✓ API keys encrypted at rest
  • ✓ User credentials never stored in plain text
  • ✓ Trading data encrypted in transit
  • ✓ Personal information protected per GDPR

What We Don't Store:

  • ✓ We never store your API secrets in plain text
  • ✓ We never store your trading passwords
  • ✓ We never access your exchange accounts without permission

Security Best Practices for Users

  • Use strong, unique passwords for your Tradeeon account
  • Enable two-factor authentication (2FA) when available
  • Create API keys with minimal required permissions
  • Whitelist our IP addresses in your exchange API settings
  • Never share your API keys or secrets
  • Regularly review your connected accounts and active sessions

Questions about security? Contact us at security@tradeeon.com
