Security
Security is foundational to everything we build. Your financial data deserves enterprise-grade protection.
Our Commitment
We handle sensitive financial data and take that responsibility seriously. Security isn't a feature we bolt on—it's built into every decision we make, from architecture to operations.
How We Protect Your Data
Encryption
- In transit — All connections secured with TLS encryption
- At rest — All stored data encrypted using industry-standard AES-256
- Key management — Encryption keys managed through secure, auditable systems
Access Controls
- Least privilege — Access granted based on role and business need
- Restricted admin access — Administrative functions protected by IP allowlisting
- Session management — Automatic timeout and secure token handling
- Audit logging — All data access and administrative actions logged
Infrastructure
- Enterprise cloud — Hosted on SOC 2 Type II certified infrastructure
- Network security — Private networking, managed firewalls, and DDoS mitigation
- Continuous updates — Automated patching and container-based deployments
- Data isolation — Customer data logically separated and access-controlled
- Data resilience — Object versioning and soft delete for recovery protection
Development Practices
- Version control — All code changes tracked and reviewed
- Code review — Changes require approval before deployment
- CI/CD pipelines — Automated testing and controlled deployments
- Secrets management — Credentials never stored in code; injected at deployment
Compliance
We are building toward SOC 2 Type II certification. Our infrastructure, policies, and procedures are designed to meet the Trust Services Criteria for security, availability, and confidentiality.
We're happy to discuss our security practices in detail with prospective customers and provide documentation for vendor reviews.
What We Don't Do
- We never store bank credentials or payment information
- We never execute trades without explicit user approval
- We never sell or share your data with third parties
- We never access customer data without a documented business need
Security Inquiries
Questions about our security practices? Need documentation for your vendor review?
Contact us: security@goescargot.com
To report a vulnerability: security@goescargot.com