Security Overview
PositionTracker is committed to protecting your financial data with industry-leading security practices. Our security program is designed to meet the requirements of financial data integrations while maintaining a seamless user experience.
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256-GCM. Sensitive financial tokens receive additional application-level encryption.
Multi-factor authentication is required for accessing financial features. We support phishing-resistant methods including passkeys and hardware security keys.
Role-based access control ensures users can only access their own data. Administrative access requires additional authentication and is fully audited.
Compliance
We maintain compliance with industry standards and regulatory requirements to protect your data.
Data Encryption
ActiveAll data encrypted in transit (TLS 1.2+) and at rest (AES-256-GCM)
MFA Required
ActivePhishing-resistant MFA for financial data access
CCPA Compliant
ActiveFull support for California Consumer Privacy Act rights
Data Deletion
ActiveUser-initiated deletion with defined retention policies
Vulnerability Scanning
ActiveAutomated dependency scanning with defined patch SLAs
Consent Management
ActiveExplicit consent capture before financial connections
Documentation
Our security policies and procedures are documented and available for review.
Third-Party Security
We partner with industry-leading providers who maintain their own security certifications:
- Clerk - Authentication provider (SOC 2 Type II certified)
- Vercel - Application hosting (SOC 2 Type II certified)
- Neon - Database hosting (SOC 2 Type II certified)
- Plaid - Financial data connections (SOC 2 Type II certified)
Plaid Integration
When you connect a brokerage account through Plaid:
- Your brokerage credentials are never shared with or stored by PositionTracker
- We receive read-only access to holdings and transactions
- We cannot move money or execute trades
- You can disconnect at any time, which immediately revokes our access
Learn more about Plaid's security at plaid.com/security.
Security Questions?
If you have questions about our security practices or want to report a security issue:
- Security Issues: security@positiontracker.trading
- Privacy Inquiries: privacy@positiontracker.trading
- General Support: support@positiontracker.trading