Security & Trust

Tradewink handles your broker API keys and executes real trades on your behalf. We take that responsibility seriously. Here's exactly how we protect your data and your money.

Encrypted at Rest
Encrypted in Transit
23,000+ Tests
Audit Logged

Broker Key Encryption

Your broker API keys are encrypted at rest using Fernet symmetric encryption with PBKDF2-derived keys.

  • AES-128-CBC encryption via Fernet (Python cryptography library)
  • PBKDF2-HMAC-SHA256 key derivation with 600,000 iterations
  • Each user's keys are encrypted with a unique salt
  • Keys are never persisted in plaintext in the database or logs
  • Decryption happens transiently in application memory only when needed for broker API communication

Data Protection

All data in transit and at rest is encrypted using industry-standard protocols.

  • TLS for all API and WebSocket connections, terminated at the Fly.io edge
  • PostgreSQL database hosted on Neon with encryption at rest (AES-256)
  • Redis cache encrypted in transit via TLS
  • No sensitive data in application logs — structlog SanitizingProcessor strips API keys, tokens, and secrets
  • Discord bot token and all service credentials stored as encrypted Fly.io secrets

Infrastructure

Production infrastructure runs on isolated, hardened cloud services.

  • Fly.io hosting on isolated Firecracker microVMs, not shared containers
  • Neon Serverless Postgres with automatic backups and point-in-time recovery
  • Sentry error tracking with PII scrubbing enabled
  • Axiom log aggregation with no sensitive data forwarded
  • Automated deployments via Buildkite CI/CD with isolated build environments
  • Static egress IP for broker connections — predictable, whitelistable

Access Controls

Multi-layered access controls protect every level of the system.

  • Clerk authentication with RS256 JWT tokens, verified against rotating JWKS keys
  • JWKS-based token verification — no shared secrets between services
  • Role-based access control for admin vs. user operations
  • Per-user data isolation — each user can only access their own keys, strategies, and trades
  • Rate limiting on authentication, key-submission, and service API endpoints
  • CORS restricted to tradewink.com origins for authenticated endpoints (public read-only API excepted)

Trading Safety

Multiple layers of protection prevent runaway trading and unauthorized executions.

  • Auto-execution off by default — trades require explicit confirmation until you enable autonomous mode
  • Paper mode is the default for simulated testing before going live
  • Daily loss limits and circuit breakers halt trading during drawdowns
  • Maximum open position limits and sector concentration checks
  • PDT rule enforcement (Pattern Day Trader) prevents regulatory violations
  • Audit logging for every trade action — entry, exit, fill, cancellation, and rejection
  • Per-user broker resolution — your keys are never mixed with another user's

Network Security

Network-level protections guard against unauthorized access and attacks.

  • Fly.io edge TLS termination with automatic certificate management
  • No publicly exposed database ports — database access over TLS to a managed Postgres provider
  • Webhook signature verification (HMAC-SHA256) for all inbound webhooks — fail-closed when a secret is unset
  • IP-based access control for broker gateway connections (static egress IP)

Code Quality & Testing

Rigorous testing and code quality practices reduce the risk of security vulnerabilities.

  • 23,000+ test functions across 500+ test files
  • CI test suite runs against PostgreSQL (SQLite supported for local development)
  • Ruff linting and formatting enforced on every CI run
  • Type checking on critical trading paths (ty check)
  • Config-to-schema field mappings validated at CI time
  • Automated dependency vulnerability scanning in CI (pip-audit)

Responsible Disclosure

If you discover a security vulnerability in Tradewink, please report it responsibly. Email [email protected] with details and we will respond within 48 hours. Please do not publicly disclose the vulnerability until we have had an opportunity to address it. We appreciate security researchers who help us keep our users safe.

Start Trading Securely

Your broker keys are encrypted from the moment you enter them. Free to start, no credit card needed.

Get Started Free