Privacy & Security

How we protect your data, in plain English.

The short version

We connect to your brokerage read-only, we never see your brokerage password, we can't place trades in your account, your broker tokens are encrypted, and we never sell or share your data. Your account is walled off from every other user's.

1. What we collect

Your email and login, your subscription status, the trades and positions you choose to import, and the preferences and settings you set (such as account size or income goals). That's it. We don't ask for your Social Security number or your brokerage password.

2. How connecting your broker works

When you link a brokerage, you log in on your broker's own site — not ours — and authorize a read-only connection through a secure third-party brokerage-connectivity provider. Trade Conclave receives a secure access token; it never receives your brokerage username or password.

That token only lets us read your trade history and positions so we can analyze them. It cannot be used to move money or place orders. Prefer not to connect at all? You can import your trades by CSV file or enter them manually instead.

3. How we protect your broker tokens

The access tokens that link your account are the crown jewels, so they are encrypted at rest using Fernet (AES‑128 in CBC mode with HMAC‑SHA‑256 authentication) under a dedicated encryption key that is kept separate from the rest of the application. Encryption keys can be rotated without downtime. Even someone with direct database access cannot read the raw tokens.

4. We never place trades for you

The platform is read-only by design. Trade execution is fenced off at the code level — there is no path for Trade Conclave, or any other user, to submit an order in your brokerage account. We analyze; you decide and act through your own broker.

5. How we secure your connection and session

Everything runs over encrypted HTTPS/TLS, with HTTP Strict Transport Security (HSTS) enforcing secure connections for a full year. Your login and session cookies are marked Secure, HttpOnly (so scripts can't read them), and SameSite, and every form is protected against cross-site request forgery (CSRF). We also send content-type, referrer, and cross-site scripting protections on every response.

6. Your account is isolated

Trade Conclave is built so that each account is strictly separated from every other one. Your positions, imported trades, and personalized analysis are only ever visible to you. Logged-in pages are served with a no-store instruction, so your data is never cached or shown to anyone else.
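The transport, cookie and caching claims in sections 5 and 6 can be checked from outside by reading the response headers. The sketch below is an added example, not Trade Conclave's own code; it audits a list of header pairs against those claims. The header names X-Content-Type-Options and Referrer-Policy are assumptions about which headers carry the content-type and referrer protections, the cross-site scripting protection is not checked because the page does not name a mechanism, and the sample responses are constructed.

```python
import re

ONE_YEAR = 31536000  # seconds; the page says HSTS is enforced "for a full year"

def cookie_attrs(set_cookie):
    """Return the lower-cased attributes of one Set-Cookie header value."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:          # first part is name=value
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value.strip().lower()
    return attrs

def audit_response(headers, authenticated=False):
    """headers: list of (name, value) pairs, since Set-Cookie may repeat.
    Returns a list of findings; an empty list means every check passed."""
    findings = []
    single = {k.lower(): v for k, v in headers if k.lower() != "set-cookie"}
    # HSTS: max-age must cover at least one year.
    m = re.search(r'max-age\s*=\s*"?(\d+)', single.get("strict-transport-security", ""), re.I)
    if not m:
        findings.append("HSTS header missing or has no max-age")
    elif int(m.group(1)) < ONE_YEAR:
        findings.append(f"HSTS max-age {m.group(1)} is under one year")
    # Every cookie needs Secure, HttpOnly and a SameSite value other than None.
    for value in (v for k, v in headers if k.lower() == "set-cookie"):
        cookie = value.split("=", 1)[0].strip()
        attrs = cookie_attrs(value)
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {cookie}: missing {flag}")
        if attrs.get("samesite") not in ("lax", "strict"):
            findings.append(f"cookie {cookie}: SameSite missing or None")
    # Assumed header names for the content-type and referrer protections.
    if single.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if "referrer-policy" not in single:
        findings.append("Referrer-Policy missing")
    # Logged-in pages must not be stored by any cache.
    directives = [d.strip().lower() for d in single.get("cache-control", "").split(",")]
    if authenticated and "no-store" not in directives:
        findings.append("authenticated page lacks Cache-Control: no-store")
    return findings

# Constructed sample responses (not captured from any real site).
GOOD = [("Strict-Transport-Security", "max-age=31536000"), ("Cache-Control", "no-store"),
        ("Set-Cookie", "session=abc; Path=/; Secure; HttpOnly; SameSite=Lax"),
        ("X-Content-Type-Options", "nosniff"), ("Referrer-Policy", "same-origin")]
BAD = [("Strict-Transport-Security", "max-age=86400"), ("Cache-Control", "private"),
       ("Set-Cookie", "session=abc; Path=/; HttpOnly"), ("X-Content-Type-Options", "nosniff")]
```

Calling `audit_response(BAD, authenticated=True)` reports the short HSTS lifetime, the missing Secure and SameSite attributes, the missing Referrer-Policy and the cacheable logged-in page.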

7. Third parties we rely on

Payments are handled by Stripe — we never see or store your full card number. We use a secure third-party brokerage-connectivity provider for read-only broker links, and a standard email provider for account notifications. We do not sell your data, and we do not share it for advertising.

8. Your controls

You're in charge of your data. You can disconnect a linked broker at any time (which revokes the stored token), export your data, or delete your account and the data tied to it.

9. Changes & contact

If we materially change how we handle your data, we'll post the update here and notify you. Questions about your privacy or our security practices? Email [email protected].

This page describes our privacy and security practices in plain language. It is provided for transparency and does not by itself create any contractual obligation beyond our Terms of Use.