Trust & Safety
Security
Last updated: 1 March 2025 · Phronesis Technologies Limited, trading as AlphaFind
Protecting your data and maintaining the integrity of the platform is a core responsibility, not an afterthought. This page describes how we approach security and how to report a vulnerability if you find one.
01 How We Protect Your Data
Encryption in Transit
All communication between your browser and AlphaFind uses TLS 1.2 or higher. We enforce HTTPS across all endpoints and use HSTS to prevent downgrade attacks.
Encryption at Rest
Personal data and sensitive platform data are encrypted at rest using industry-standard AES-256 encryption. Database backups are encrypted and access-controlled.
Password Security
Passwords are hashed using bcrypt with per-user salts. We never store passwords in plain text or reversibly encrypted form. We support two-factor authentication (2FA).
Access Controls
Internal access to production systems and user data follows the principle of least privilege. Access is role-based, audited, and requires multi-factor authentication.
Infrastructure
AlphaFind is hosted on reputable cloud infrastructure providers with SOC 2 Type II certifications. We use firewalls, network segmentation, and DDoS protection at the infrastructure level.
Monitoring & Logging
We maintain comprehensive audit logs and automated alerting for anomalous behaviour, failed authentication attempts, and suspicious activity patterns.
02 Payment Security
AlphaFind does not process or store payment card data directly. All payment transactions are handled by a PCI DSS-compliant payment processor. We receive only a tokenised reference to your payment method; your card number, CVV, and sensitive billing details never touch our servers.
03 Broker Integrations
Where AlphaFind offers connectivity to third-party broker platforms, we use OAuth-based authentication flows or API key integrations provided by those brokers. We do not request, store, or have access to your broker login credentials. API keys used for broker integrations are encrypted at rest and never exposed in plaintext in the UI or API responses.
You can revoke broker integrations at any time from your account settings, and we recommend doing so promptly if you no longer use the integration.
04 Incident Response
In the event of a security incident that affects user data, we are committed to:
- Promptly investigating and containing the incident;
- Notifying affected users in a timely manner where required by applicable law, including the mandatory breach notification requirements of the New Zealand Privacy Act 2020;
- Reporting to the Office of the Privacy Commissioner (NZ) and other relevant authorities as required; and
- Providing clear guidance on steps users can take to protect themselves.
05 Responsible Disclosure
Security Vulnerability Reporting
We take security reports seriously and appreciate the work of security researchers who help keep our users safe. If you have discovered a potential security vulnerability in AlphaFind, please report it to us privately before any public disclosure.
When reporting, please include: a description of the vulnerability, the steps to reproduce it, the potential impact, and any proof-of-concept code or screenshots if applicable.
We commit to: acknowledging your report within 2 business days, providing a status update within 10 business days, working with you to understand and resolve the issue, and, where the vulnerability is valid and responsibly disclosed, publicly crediting your discovery if you wish.
Please do not access or modify user data, interrupt service availability, or publicly disclose details of any vulnerability before we have had a reasonable opportunity to address it.
[email protected]
Scope includes: alphafind.io and all subdomains, the AlphaFind web application, and our public API. Out of scope: third-party services and infrastructure we do not control, social engineering attacks, physical security, and denial-of-service testing.
06 Account Security Recommendations
You can take the following steps to protect your AlphaFind account:
- Use a strong, unique password that you do not reuse on other services;
- Enable two-factor authentication (2FA) in your account security settings;
- Review connected third-party integrations regularly and revoke any you no longer use;
- Be cautious of phishing emails purporting to be from AlphaFind: we will never ask for your password by email; and
- Contact us immediately at [email protected] if you believe your account has been compromised.