Security

Your broker credentials and trading activity are protected at every layer

TradeHook never holds your funds. Your credentials are encrypted at rest. Your executions are isolated from every other user. Here is exactly what we do and how.

🏦

TradeHook never holds your money

We are an execution engine, not a custodian. Your capital stays in your broker account at all times. TradeHook submits orders on your behalf via broker API — the same mechanism as any automated trading tool. We do not hold, move, or have access to fund withdrawal functions. If you close your TradeHook account, your broker account and its funds are completely unaffected.

Security features

Twelve layers of protection across credentials, sessions, execution, and data.

🔐

Zero fund custody

TradeHook never holds, moves, or has custody of your funds. We connect to your broker via read/write API credentials that you control. You can revoke access instantly from your broker dashboard at any time. We submit orders — your broker holds your money.

🔑

Credential encryption at rest

Your broker API keys and secrets are encrypted with AES-256 before they are written to disk. The encryption key is never stored alongside the credentials. Even if the database were extracted, credentials would be unreadable without the separate key material.

🛡

Two-factor authentication

TOTP two-factor authentication (RFC 6238 standard — the same spec used by Google Authenticator and Authy) is available on every account. Time-based one-time passwords with a 30-second window and HMAC-SHA1 verification. Backup codes generated at setup.

🍪

HTTP-only authentication cookies

Session tokens are stored as HTTP-only cookies — not in localStorage or sessionStorage. This means JavaScript running in the browser cannot read your session token, protecting against cross-site scripting (XSS) attacks that attempt to steal credentials.

🎯

Per-strategy signal authentication

Every strategy listing generates a unique, cryptographically random 32-byte URL-safe token. Only requests carrying this token can trigger execution for that strategy. Tokens can be rotated instantly. There is no shared secret across strategies or users.

🔁

Webhook token rotation

Webhook URLs should be treated like API secrets. If a URL is pasted into chat, shared with a contractor, exposed in a screenshot, or copied into an untrusted tool, users should rotate the token and update their TradingView alerts before live execution.

🧪

Paper-before-live workflow

TradeHook is designed so users can validate alert payloads, broker connectivity, symbol permissions, close behavior, and logs in paper mode before enabling live execution. Live mode requires explicit user action.

🧱

Complete account isolation

Every user's risk engine, execution log, broker credentials, and strategy configuration are strictly isolated. No API endpoint allows cross-user data access. A subscriber's configuration cannot be read, modified, or affected by any other user — including the signal publisher they follow.

📋

Full audit trail

Every signal received, routed, and executed is logged with timestamp, user ID, broker, action, symbol, result, and latency. Every login, configuration change, and subscription event is recorded. Logs are append-only and queryable from your dashboard.

⚖️

Versioned legal consent

Every user explicitly accepts the Terms of Service before their first execution. Acceptance is recorded with timestamp, IP address, and the specific version of the terms agreed to. When terms are updated, users are required to re-accept before execution resumes.

🌐

HTTPS everywhere

All traffic between your browser and the TradeHook platform is encrypted with TLS. HTTP requests are automatically redirected to HTTPS. API endpoints are not reachable over unencrypted connections.

✅

Input validation on all endpoints

Every API endpoint validates inputs against strict typed schemas before processing. Malformed requests, unexpected fields, and out-of-range values are rejected at the boundary. No raw user input reaches execution logic without validation.

⏱

Session time gates

Users can configure execution to only run within defined time windows (e.g., market hours only). Signals that arrive outside these windows are logged but not executed. This prevents overnight or weekend executions if not intended.

🚨

Daily loss limits

Each account can configure an absolute daily loss limit. When this threshold is breached, the risk engine halts all further execution for the remainder of the trading day. This is enforced at the engine level — not just a UI setting.

What TradeHook does not do

✕Hold, custody, or have withdrawal access to your funds

✕Store broker credentials in plain text

✕Share your account data with signal publishers or other users

✕Execute orders outside your configured session windows

✕Continue executing after your daily loss limit is breached

✕Allow unauthenticated signal sources to trigger your automation

✕Retain your session after you log out

✕Sell or share your trading data with third parties

Security questions

Can TradeHook withdraw funds from my account?▾

No. TradeHook connects to your broker via trading API credentials only. These credentials allow order submission — they do not allow withdrawals, transfers, or account modifications. Withdrawal permissions are separate and never requested.

What happens if I revoke my broker API key?▾

TradeHook immediately loses the ability to submit orders on your behalf. No grace period, no retry. You can revoke access from your broker's dashboard at any time without logging into TradeHook.

Are my broker credentials stored in plain text?▾

No. Credentials are encrypted with AES-256 before being written to the database. The plaintext credential never persists on disk.

What does TradeHook do if it detects an anomalous signal?▾

Signals are validated for correct format, authenticated against the strategy token, and checked against the subscriber's risk rules before execution. Signals that fail any check are logged and rejected — they do not trigger partial execution.

When should I rotate a webhook token?▾

Rotate a webhook token any time the URL has been shared outside your trusted workflow, shown in a screenshot, pasted into chat, used in a public demo, or given to a third party. After rotation, update the webhook URL in TradingView before relying on live alerts.

Can I test without risking real capital?▾

Yes. TradeHook supports paper workflows so you can verify alert format, symbol routing, close behavior, logs, and broker state before enabling live execution. Paper testing is strongly recommended for every strategy, broker, symbol, timeframe, and settings change.

Can a signal publisher see my account details?▾

No. Signal publishers can see their own strategy analytics (subscriber count, execution count) but have zero access to any subscriber's account details, credentials, P&L, or broker information.

How do I report a security issue?▾

Email support@tradehook.io with the subject line 'Security Disclosure'. We treat all security reports seriously and respond within 24 hours.

Found a security issue?

We take all security disclosures seriously. Email us at support@tradehook.io with subject line Security Disclosure. We respond within 24 hours and will work with you to address any valid findings promptly.

Get started →