Security at SnapTrade
SnapTrade follows strict procedures and processes to exceed industry standard practices. We make sure data is always secured and encrypted at rest and in transit. Your data is only shared with authorized apps and can be revoked at anytime within the app.
Our data security posture
User data belongs to the user
SnapTrade doesn't touch user data without their permission, which is authenticated only when they log in to their brokerage. Apps using SnapTrade must also agree not to sell or share user data without the users' expressed consent.
Use OAuth-based authentication when available
Where possible, we authenticate using OAuth. However, not all institutions support OAuth access. In these cases, SnapTrade can only facilitate the connection using account credentials. These are treated with the highest possible sensitivity, and are stored and encrypted with AWS KMS.
Data is secured at rest and in transit
All data shared between SnapTrade and authorized partner apps is secured by TLS and authenticated using a secure cryptographic signature for each request.
SnapTrade is SOC 2 Type II certified
Our systems and processes meet rigorous industry requirements for protecting data, ensuring that sensitive information is handled with the utmost care. We also work with third-party security firms to conduct penetration tests and have a bug bounty program*.
* Bug bounty & responsible disclosure: SnapTrade welcomes responsible security research. We review every report and may reward verified, impactful findings. SnapTrade reserves final determination of severity and payment. We cannot accept submissions or make payments to individuals or entities in jurisdictions subject to U.S. or Canadian sanctions.