Transport Layer Security (TLS), which protects data in-transit, is used between Commonstock Users, Commonstock API, Financial Institutions, and Data Providers.
All data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots using the industry standard AES encryption algorithm.
No usernames or passwords are ever stored on our servers. We explicitly encrypt all broker session tokens using symmetric encryption (AES).
Commonstock leverages the years of experience and expertise of secure cloud services to provide security to our network infrastructure. Cloud services customers benefit from security innovation and improvements made from customer feedback.
Commonstock employs a third-party service to conduct annual penetration testing against its public-facing systems. These tests are performed by qualified assessors, and focus on different usage and attacker scenarios to address the most common attack threats against the platform. Findings or issues identified through these tests are prioritized and addressed based on their criticality.
While Commonstock never directly touches your money, we sit at the center of many connections between you and different institutions. We take this role seriously and aim to continue to use the highest-possible grade security we can to ensure a safe experience.
Email firstname.lastname@example.org if you have any other questions/concerns about our security.