Security posture

/* REPLACE BEFORE LAUNCH: Add production security contact, uptime commitments, vendor list, and responsible disclosure workflow before launch. */

Read-only exchange access

CryptoCompanion is designed for read-only exchange API keys. Users should never grant trading, withdrawal, transfer, margin, futures, or custody permissions to exchange keys used with CryptoCompanion.

The product uses imported exchange data for portfolio tracking, trade history, alerts, tax summaries, and research context. It must never execute trades or move funds.

Secret handling

Exchange API credentials are encrypted with AES-256-GCM before storage. Plaintext exchange secrets are only decrypted inside the sync worker and must not be logged, returned to the frontend, or exposed through exports.

Production secrets belong in environment variables or a secret manager, never in source code, docs, logs, or client bundles.

Account protection

User authentication and admin authentication are separate. Admin writes are captured in audit logs. Sensitive user routes should filter by userId, validate input, and avoid leaking internal errors.

Users should use strong passwords, keep email accounts secure, and revoke exchange API keys immediately if account compromise is suspected.

Operations

Production launch requires HTTPS, real environment secrets, database backups, Redis configured for BullMQ, monitoring, log redaction, and a validated rollback path.

Reporting security issues

Security reports should go through the contact form until a dedicated disclosure address is created. Reports should include affected route or feature, steps to reproduce, impact, and any safe proof-of-concept details.