Security Policy
TradingBase Security Policy
Document ID: LEG-010Version: 1.0Status: Draft for Legal ReviewEffective Date: [To be inserted]Last Updated: [To be inserted]
- Purpose
This Security Policy (“Policy”) describes the security principles, controls, and responsibilities adopted by TradingBase to protect the confidentiality, integrity, and availability of the Platform and information processed through it.
This Policy supplements the TradingBase Terms of Service, Privacy Policy, API Terms of Use, and other applicable legal documents.
- Scope
This Policy applies to:
TradingBase websites;
mobile applications;
cloud infrastructure;
APIs;
AI services;
Marketplace;
Academy;
Community;
Broker Hub;
Portfolio services;
employees;
contractors;
vendors;
authorized developers;
third-party service providers where applicable.
- Security Principles
TradingBase is committed to implementing security measures based on internationally recognized principles, including:
confidentiality;
integrity;
availability;
least privilege;
defense in depth;
secure by design;
privacy by design;
continuous improvement.
- Access Control
Access to Platform resources shall be managed according to business necessity.
Security controls may include:
role-based access control (RBAC);
least privilege allocation;
strong authentication;
multi-factor authentication where available;
periodic access reviews;
account lifecycle management.
Users remain responsible for protecting their authentication credentials.
- Authentication
TradingBase may support authentication through:
email and password;
OAuth providers;
enterprise identity providers;
passkeys where supported;
multi-factor authentication.
Authentication mechanisms may evolve as security standards improve.
- Password Security
Users are encouraged to:
use strong passwords;
avoid password reuse;
protect credentials from disclosure;
update passwords following suspected compromise.
TradingBase stores passwords using appropriate cryptographic hashing techniques and does not store plaintext passwords.
- Encryption
TradingBase implements encryption where appropriate for:
data in transit;
data at rest;
authentication credentials;
sensitive configuration data;
backup storage where supported.
Industry-standard cryptographic protocols are used where practicable.
- Infrastructure Security
TradingBase may employ security measures including:
network segmentation;
firewalls;
intrusion detection;
intrusion prevention;
distributed denial-of-service (DDoS) protection;
endpoint security;
centralized logging;
monitoring systems.
Infrastructure architecture may change over time to improve resilience.
- Application Security
Security practices may include:
secure software development lifecycle;
code review;
dependency management;
vulnerability scanning;
security testing;
configuration management;
change management.
Security controls are reviewed periodically.
- AI Security
AI-powered services are designed with consideration for:
access control;
prompt handling;
misuse prevention;
abuse monitoring;
output safety mechanisms;
service integrity.
Users remain responsible for evaluating AI-generated outputs before relying on them.
- Data Protection
TradingBase applies reasonable administrative, technical, and organizational safeguards to protect information against:
unauthorized access;
unauthorized disclosure;
accidental destruction;
alteration;
misuse.
Additional controls may apply depending on data sensitivity.
- Incident Response
TradingBase maintains procedures for responding to security incidents.
Response activities may include:
detection;
assessment;
containment;
investigation;
remediation;
recovery;
post-incident review.
Notification of affected parties will be provided where required by applicable law.
- Vulnerability Management
TradingBase periodically evaluates security risks through activities that may include:
vulnerability assessments;
dependency reviews;
software updates;
patch management;
security monitoring.
Critical issues are prioritized according to risk.
- Responsible Disclosure
Security researchers who discover potential vulnerabilities are encouraged to report them responsibly through TradingBase’s designated security contact.
Researchers should:
avoid disrupting Platform operations;
avoid accessing unnecessary data;
provide sufficient technical detail;
allow reasonable time for remediation before public disclosure.
Responsible disclosure does not authorize activities otherwise prohibited by law.
- Third-Party Services
TradingBase may rely on third-party providers for:
cloud hosting;
authentication;
payment processing;
communications;
analytics;
monitoring.
TradingBase seeks to work with providers that maintain appropriate security standards, but cannot guarantee the security of third-party systems.
- Business Continuity
TradingBase maintains operational procedures intended to support service continuity.
Such procedures may include:
backups;
disaster recovery planning;
infrastructure redundancy;
monitoring;
incident escalation.
Recovery objectives may vary depending on service type.
- User Responsibilities
Users are responsible for:
protecting account credentials;
enabling available security features;
maintaining secure devices;
reporting suspected security incidents;
avoiding phishing attempts;
complying with Platform security requirements.
Failure to follow reasonable security practices may increase operational risk.
- Compliance
TradingBase seeks to align its security practices with applicable legal and regulatory requirements.
Security controls may evolve to reflect:
technological developments;
regulatory changes;
industry best practices;
emerging threats.
- Changes to this Policy
TradingBase may revise this Security Policy from time to time.
Updated versions become effective on the date specified in the revised document.
Continued use of the Platform constitutes acceptance of the updated Policy.
- Contact
Security-related questions, vulnerability reports, or incident notifications should be submitted through TradingBase’s official security contact channels.
Appendix A — Examples of Security Controls
Examples of security controls implemented or considered by TradingBase include:
encryption;
access control;
audit logging;
network protection;
malware protection;
vulnerability management;
backup procedures;
monitoring;
incident response.
The implementation of specific controls may vary over time.
Appendix B — Security Best Practices for Users
TradingBase encourages Users to:
enable multi-factor authentication where available;
review account activity periodically;
protect recovery information;
update software regularly;
avoid sharing authentication credentials;
verify official communications before responding;
report suspicious activity promptly.
These practices significantly improve account security.
Appendix C — Security Reporting
When reporting a suspected vulnerability, reporters should include where possible:
date and time of discovery;
affected service;
description of the issue;
reproduction steps;
supporting screenshots or logs;
suggested mitigation if available.
Providing complete information assists TradingBase in investigating and addressing reported issues efficiently.