Security

We use bank-level encryption for connecting to brokers, never store user credentials on our servers, and encrypt user data at rest.

Encrypted data

Transport Layer Security (TLS), which protects data in-transit, is used between Commonstock Users, Commonstock API, Financial Institutions, and Data Providers.

All data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots using the industry standard AES encryption algorithm.

Independent audits

Commonstock employs a third-party service to conduct annual penetration testing against its public-facing systems. These tests are performed by qualified assessors, and focus on different usage and attacker scenarios to address the most common attack threats against the platform. Findings or issues identified through these tests are prioritized and addressed based on their criticality.

Secured credentials

No usernames or passwords are ever stored on our servers. We explicitly encrypt all broker session tokens using symmetric encryption (AES).

Keeping your money and data safe

While Commonstock never directly touches your money, we sit at the center of many connections between you and different institutions. We take this role seriously and aim to continue to use the highest-possible grade security we can to ensure a safe experience.

Cloud infrastructure

Commonstock leverages the years of experience and expertise of secure cloud services to provide security to our network infrastructure. Cloud services customers benefit from security innovation and improvements made from customer feedback.

Any questions?

Email security@commonstock.com if you have any other questions/concerns about our security.