Security

ArbEdge is a read-only market intelligence platform. We have no access to your trading accounts, exchange credentials, or funds. Here is exactly how we protect the data we do handle.

ACTIVE SECURITY MEASURES
🔐
TLS 1.3 Encryption
ACTIVE
All data in transit is encrypted using TLS 1.3. HTTPS is enforced on all connections. No plain-text traffic is permitted.
🪪
Authentication via Clerk
ACTIVE
User authentication is handled by Clerk, a SOC 2 Type II certified identity provider. We never store passwords. Login uses Google OAuth, Apple Sign In, or email magic links — no passwords are ever transmitted to ArbEdge.
🗄️
Database Encryption at Rest
ACTIVE
All data stored in our PostgreSQL database is encrypted at rest. Redis cache contains only public market data — no user data is stored in cache.
☁️
SOC 2 Compliant Infrastructure
ACTIVE
ArbEdge runs on Railway.app, a SOC 2 compliant cloud infrastructure provider. All services run in isolated containers with restricted network access.
🚫
No Financial Credentials
BY DESIGN
ArbEdge is a market data platform only. We never request, store, or have access to any exchange API keys, trading account passwords, or brokerage credentials of any kind.
👁️
No Third-Party Tracking
BY DESIGN
We do not use advertising networks, tracking pixels, or analytics tools that share your data. No Facebook Pixel, Google Analytics, or similar tracking on any ArbEdge page.
🛡️
Minimal Data Collection
BY DESIGN
We collect only your email address (if alerts are enabled) and your alert preferences. Nothing else is stored that could be used to identify or track you.
What We Store vs What We Don't
✓ WE STORE
·Email address (alerts only)
·Alert threshold setting
·Watched symbols list
·Session tokens (via Clerk)
·Basic server access logs
✗ WE NEVER STORE
·Exchange API keys
·Trading account credentials
·Passwords of any kind
·Payment or financial data
·Withdrawal or transfer access
·Device fingerprints
·Advertising identifiers
WHAT WE DON'T DO
WE DON'T EXECUTE TRADES
ArbEdge is read-only. We display market data. We cannot place, modify, or cancel orders on any exchange.
WE DON'T HAVE FUND ACCESS
We have no connection to any exchange account. Your funds cannot be accessed, moved, or affected by ArbEdge in any way.
WE DON'T SELL YOUR DATA
Your email and preferences are never sold, rented, or shared with third parties for commercial purposes.
WE DON'T USE YOUR DATA FOR ADS
No advertising networks have access to your data. ArbEdge products are ad-free.
🔔 BREACH NOTIFICATION COMMITMENT
In the event of a confirmed security breach affecting stored user data, we will notify affected users by email within 72 hours of confirming the breach. We will describe what was affected and provide guidance on protective actions.
🔍 Report a Security Vulnerability
If you discover a security vulnerability in ArbEdge, please report it responsibly to [email protected] with the subject line "Security Vulnerability." We take all reports seriously and will respond within 48 hours. Please do not publicly disclose vulnerabilities before we have had the opportunity to address them.
HomeDashboardChartsAboutContactStatusSecurityPrivacyTermsRiskDisclaimerCookiesChangelog