Security at SnapTrade
SnapTrade follows strict procedures and processes to exceed industry standard practices. We make sure data is always secured and encrypted at rest and in transit. Your data is only shared with authorized apps and can be revoked at anytime within the app.
Our data security posture
User data belongs to the user
SnapTrade doesn't touch user data without their permission, which is authenticated only when they log in to their brokerage. Apps using SnapTrade must also agree not to sell or share user data without the users' expressed consent.
Use OAuth-based authentication when available
Where possible, we authenticate using OAuth. However, not all institutions support OAuth access. In these cases, SnapTrade can only facilitate the connection using account credentials. These are treated with the highest possible sensitivity, and are stored and encrypted with AWS KMS.
Data is secured at rest and in transit
All data shared between SnapTrade and authorized partner apps is secured by TLS and authenticated using a secure cryptographic signature for each request.
SnapTrade is SOC 2 Type II certified
Our systems and processes meet rigorous industry requirements for protecting data, ensuring that sensitive information is handled with the utmost care. We also works with third-party security firms to conduct penetration tests and have a bug bounty program.