Security & Trust
Tradewink handles your broker API keys and executes real trades on your behalf. We take that responsibility seriously. Here's exactly how we protect your data and your money.
Broker Key Encryption
Your broker API keys are encrypted at rest using Fernet symmetric encryption with PBKDF2-derived keys.
- AES-128-CBC encryption via Fernet (Python cryptography library)
- PBKDF2-HMAC-SHA256 key derivation with 480,000 iterations
- Each user's keys are encrypted with a unique salt
- Keys are never stored in plaintext — not in the database, not in logs, not in memory after use
- Decryption happens only at trade execution time, in-memory, and is discarded immediately after
Data Protection
All data in transit and at rest is encrypted using industry-standard protocols.
- TLS 1.3 for all API and WebSocket connections
- PostgreSQL database hosted on Neon with encryption at rest (AES-256)
- Redis cache encrypted in transit via TLS
- No sensitive data in application logs — structlog SanitizingProcessor strips API keys, tokens, and secrets
- Discord bot token and all service credentials stored as encrypted Fly.io secrets
Infrastructure
Production infrastructure runs on isolated, hardened cloud services.
- Fly.io application hosting with dedicated machines (not shared containers)
- Neon Serverless Postgres with automatic backups and point-in-time recovery
- Sentry error tracking with PII scrubbing enabled
- Axiom log aggregation with no sensitive data forwarded
- Automated deployments via Buildkite CI/CD with isolated build environments
- Static egress IP for broker connections — predictable, whitelistable
Access Controls
Multi-layered access controls protect every level of the system.
- Clerk authentication with RS256 JWT tokens (auto-rotating, ~60s expiry)
- JWKS-based token verification — no shared secrets between services
- Role-based access control (RBAC) for admin vs. user operations
- Per-user data isolation — each user can only access their own keys, strategies, and trades
- Rate limiting on all public API endpoints
- CORS restricted to tradewink.com origins only
Trading Safety
Multiple layers of protection prevent runaway trading and unauthorized executions.
- Trading disabled by default — must be explicitly enabled per user
- Paper mode available for simulated testing before going live
- Daily loss limits and circuit breakers halt trading during drawdowns
- Maximum open position limits and sector concentration checks
- PDT rule enforcement (Pattern Day Trader) prevents regulatory violations
- Audit logging for every trade action — entry, exit, modification, rejection
- Per-user broker resolution — your keys are never mixed with another user's
Network Security
Network-level protections guard against unauthorized access and attacks.
- Fly.io edge TLS termination with automatic certificate management
- No open database ports — all DB access via private networking
- Webhook signature verification (HMAC-SHA256) for all inbound webhooks
- Discord interaction signature verification (Ed25519) for bot commands
- IP-based access control for broker gateway connections (static egress IP)
Code Quality & Testing
Rigorous testing and code quality practices reduce the risk of security vulnerabilities.
- 9,700+ automated tests across 165 test files
- CI runs against both SQLite and PostgreSQL
- Ruff linting and formatting enforced on every commit
- Type checking on critical trading paths (ty check)
- Migration validation — all SQL column references verified at CI time
- Dependency scanning for known vulnerabilities
Responsible Disclosure
If you discover a security vulnerability in Tradewink, please report it responsibly. Email [email protected] with details and we will respond within 48 hours. Please do not publicly disclose the vulnerability until we have had an opportunity to address it. We appreciate security researchers who help us keep our users safe.
Start Trading Securely
Your broker keys are encrypted from the moment you enter them. Free to start, no credit card needed.
Get Started Free