Security at Aportia
We engineer security into every layer of the platform — from data architecture to cryptographic standards.
Last updated: June 1st, 2026
AES-256 Encryption
All data stored in Aportia's database is encrypted at rest using AES-256. Data in transit is protected with TLS 1.3. Encryption keys are rotated on a scheduled basis and are never stored alongside encrypted data.
Read-Only Architecture
Aportia operates on a strictly read-only data model. When connecting brokerage accounts (Phase 4), we only ever request read-only API keys. We cannot — and will never — execute trades, transfer funds, or modify your accounts.
SOC 2 Aligned Infrastructure
Our infrastructure is hosted on SOC 2 Type II certified cloud providers within the European Union. We follow OWASP Top 10 security standards across the entire application stack. Regular penetration testing is scheduled for each major release.
Vulnerability Disclosure
We operate a responsible disclosure program. If you discover a security vulnerability in Aportia, please report it confidentially to [email protected]. We aim to acknowledge all reports within 48 hours and resolve critical issues within 7 days. We do not pursue legal action against good-faith security researchers.
Security Contact
For security inquiries or vulnerability reports, contact our security team directly at [email protected]. For general privacy questions, see our Privacy Policy.