PipSync holds broker API credentials in an encrypted store, routes orders through isolated bridges, and never touches client money. Your broker remains your custodian. Always.
Every control below is on by default. No asterisks, no enterprise-only paywalls for the basics.
Sensitive credentials use app-managed AES-GCM encryption. KMS-backed rotation is tracked as production hardening.
HTTPS-ready deployment, secure cookies, HSTS configuration and legacy TLS refusal are part of the production profile.
Daily drawdown (DD) cap, per-trade risk %, symbol whitelist, news-event blocker.
Critical account, billing, role and trading actions write structured audit events for operator review.
Workspace-scoped RBAC and server-side query guards are in place; DB-level hardening remains a tracked launch gate.
Rate limits per source, per broker, per account. Auto-pause on anomaly.
EU deployment, DPA/subprocessor review and SCC evidence are handled as legal readiness work before launch.
We're small, we're honest about it. Here's every compliance & audit milestone — on the record.
Internal controls, evidence owners and readiness gaps documented before external audit.
Independent review to confirm whether audit evidence is complete enough to start certification work.
Unavailable until an independent auditor issues a report.
Certification remains unavailable until stage audits are completed.
The production status surface is wired as a launch gate; live telemetry is published once the deployment environment is connected.
Last incident: 42 days ago
Last incident: 18 days ago
No incidents 90d
Last incident: 7 days ago
KMS hardening pending
Last incident: 3 days ago
We share the current security questionnaire, control inventory and draft DPA on request. SOC 2, pen-test and subprocessor evidence are marked pending until externally validated.