A new level of security for new investing experiences
SnapTrade ensures a safe connection experience so users can engage endlessly and care-free with any app who consumes our API.
While exploring new investing experiences, users want the kind of security that reassures them the path they are on is safe. This starts with protecting their financial information - how it is accessed, from where, and most importantly, who it is shared with. SnapTrade wants to help build new investing experiences - but we wouldn’t dare skimp on the things that matter.
SnapTrade has two types of API integrations: official and bespoke.
Official or OAuth connections
SnapTrade’s default connection approach is the official connection. Official connections are OAuth to brokerages with open API’s. For official integrations, we use OAuth2 connections to avoid storing user login credentials.
For all other integrations, we use bespoke connections that are reverse-engineered from brokers that do not have open APIs. For these connections, we store credentials encrypted with AWS KMS.
SnapTrade has a simple data security philosophy
User data belongs to the user
SnapTrade doesn't touch user data without their permission, which is authenticated only when they log in to their brokerage.
User password integrity is our primary goal
We only store credentials when it is essential to the user experience. For bespoke connections, we store and encrypt credentials with AWS KMS. And most important, we never, ever share these credentials.
User data is secured in transit, at rest, and 24/7
Before, during, and after data goes on the move from a broker to an app, SnapTrade encrypts it for maximum security.
The Data Journey with SnapTrade
User investment data lives at the brokerage. To fetch that data, a user must permit SnapTrade to retrieve it.
From the app platform, a user connects to the SnapTrade connection portal and identifies their brokerage.
The user authenticates themselves by logging into their account via the connection portal. Support for 2FA is enabled to ensure account safety.
SnapTrade securely connects the user brokerage account to the app.
SnapTrade establishes a persistent and secure connection from the user brokerage account to the app.
SnapTrade fetches and then encrypts the brokerage account data in transit.
The account data syncs with the app.
The data populates the app to be engaged with for a full user experience.
When the user is offline, the user data is regularly synced to the app as it changes at the broker level, encrypted in transit.
SnapTrade is trusted to keep data secure every step of the way.
More than 40 apps trust SnapTrade to protect the data in their chain
SnapTrade is aligned with the highest standards for data security
For the collection, processing, and maintenance of data, as well as protecting the data itself
SnapTrade has incorporated the standard of SOC-2 compliance.
Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles” — security, availability, processing integrity, confidentiality, and privacy.