Security
At AlgoSync, protecting the security and safety of your accounts and identity is one of our highest priorities. We adhere to SOC 2 compliance standards and employ industry-leading practices, including regular third-party penetration testing and real-time threat modeling, to safeguard your accounts.
AlgoSync customers can access their accounts safely and securely online from any device that is connected to the internet and has a web browser. AlgoSync uses modern and secure technologies and other internal processes to ensure that your accounts stay safe and that you can access them reliably. Here are some of the ways that we keep your account safe.
- Our 24/7 security operations center (SOC) leverages AI-driven tools like CrowdStrike Falcon and Nessus for real-time intrusion detection, vulnerability scanning, and incident response.
- All code changes undergo mandatory static/dynamic analysis (SonarQube, Snyk), peer review, and automated test suites in isolated environments before deployment.
- We enforce AES-256 encryption for data in transit (TLS 1.3+, with perfect forward secrecy) and at rest, using FIPS 140-2 validated modules.
- Passwords are hashed using bcrypt (cost factor 12) with cryptographically random salts, ensuring resistance to brute-force and rainbow-table attacks.
- All data is encrypted at rest when stored on disk.
- When you authorize AlgoSync to access your brokerage accounts, access tokens are encrypted using AWS Key Management Service (KMS) with hardware security modules (HSMs) and rotated every 90 minutes. We never store your brokerage account username or password, and it never passes through our servers or network.
- We require 2FA for all accounts using time-based one-time passwords (TOTP) via Google Authenticator or Authy, with emergency backup codes stored in AES-256 encrypted blobs.
We take your safety and security very seriously. If you have any questions or concerns, please contact us.