Security Overview

TradePillow protects sensitive trading data with layered security controls, constant monitoring, and transparent processes.

Encryption everywhere

Data is encrypted in transit via TLS 1.2+ and at rest using provider-managed encryption keys. Sensitive secrets are stored in dedicated secret managers.

Least privilege access

Production access requires multi-factor authentication and short-lived credentials, and is limited to the team members who need it.

Audit logging

All admin and data access events are logged and retained for investigations. Automated alerts surface anomalies in near real-time.

Secure development lifecycle

Pull requests undergo peer review, automated linting, and dependency scanning before deployment through controlled pipelines.

Resilience & backups

Databases are backed up multiple times daily with geo-redundant storage. Disaster recovery exercises validate restore procedures.

Vendor management

Subprocessors are assessed for compliance with SOC 2, ISO 27001, or equivalent frameworks, and contracts include data protection clauses.

Incident response

We maintain a 24/7 on-call rotation and detailed playbooks for handling security incidents, downtime, or data integrity issues. Post-incident reviews drive preventative fixes and roadmap updates.

Responsible disclosure

We welcome security researchers to report vulnerabilities responsibly. Please follow these steps:

  • Email security@tradepillow.com with a clear description of the vulnerability, proof of concept, and impact.
  • Allow us reasonable time to investigate and remediate before public disclosure.
  • Avoid accessing, modifying, or deleting data that belongs to others while testing.
  • We will acknowledge receipt within one business day and keep you updated on progress.

Questions & certifications

Email security@tradepillow.com to request penetration test summaries, SOC 2 roadmap updates, or custom security questionnaires.