Cybersecurity Policy

Effective date: 1-Mar-2026

This Cybersecurity Policy summarizes the administrative, technical, and operational controls Signal BeAI uses to protect user accounts, broker connection data, trading settings, order metadata, portfolio information, and service infrastructure.


1. Data Classification and Handling

Signal BeAI classifies data by sensitivity, including public site content, account profile data, portfolio and watchlist data, broker connection data, trading-rule data, order and fill metadata, authentication data, operational logs, and encrypted secrets.

Broker access tokens, refresh tokens (when provided), API keys, passwords, and other credentials are treated as restricted data. Access is limited to systems and personnel with an operational need.

Production data is handled through controlled application, database, and infrastructure workflows. Sensitive values are not intended to be stored in source code, screenshots, logs, or support messages.

2. Access Control and Privileged Access Management

User access is role-based. Administrative, platform, and trading-control features are limited to authorized accounts.

Privileged access to production infrastructure, databases, deployment systems, and connector settings is limited to approved operators and protected using credential controls appropriate to the system.

Signal BeAI separates user broker authorization from platform connector configuration. Users authorize broker access through the broker OAuth flow, while platform administrators manage system-level connector settings.

3. Encryption of Data at Rest and in Transit

Signal BeAI uses HTTPS/TLS for supported public web, API, broker OAuth, and service communication paths.

Broker tokens and sensitive connector secrets stored by Signal BeAI are encrypted at rest using application-managed encryption before being saved to the database.

Databases, hosting environments, backups, and provider-managed storage may also use provider-level encryption controls. Passwords are stored as one-way hashes rather than in plaintext.

4. Vulnerability and Patch Management

Signal BeAI reviews application dependencies, build output, infrastructure status, service health, and deployment logs as part of normal maintenance.

Security patches for application code, dependencies, operating systems, and infrastructure are prioritized based on severity, exploitability, business impact, and operational risk.

Production releases follow validation gates such as source control review, build checks, tests, health checks, and deployment verification before release where applicable.

5. Incident Response and Disaster Recovery

Potential security incidents are triaged by severity, affected systems, affected users, data sensitivity, trading impact, and containment needs.

Response actions may include disabling affected accounts or features, revoking or rotating credentials, pausing broker integrations, blocking automated trading, preserving logs, restoring from backups, deploying fixes, and notifying affected parties where appropriate.

Disaster recovery planning includes production snapshots, database backup practices, deployment rollback procedures, service health checks, and restoration of critical API, database, broker, and notification workflows.

6. Physical Security

Signal BeAI primarily uses cloud, hosting, and managed infrastructure providers. Physical security for provider data centers is managed by those providers under their own security programs.

Operator devices used for administration should use operating-system access controls, device security updates, and secure network practices.

7. Vendor Risk Management

Signal BeAI relies on selected vendors for hosting, databases, broker OAuth and trading APIs, market data, AI infrastructure, email, push notifications, payments, and operational tooling.

Vendors are selected and reviewed based on their role, data handled, availability requirements, security posture, contractual obligations, and operational fit.

When a vendor is used for broker, payment, hosting, or sensitive data workflows, Signal BeAI aims to limit shared data to what is needed for the feature and to use vendor security controls such as HTTPS, authentication, scoped access, and account-level permissions.

8. User Responsibilities

Users are responsible for protecting their login credentials, using secure devices, reviewing broker authorization screens, monitoring connected accounts, and revoking broker access when no longer needed.

Users should promptly contact hello@signalbeai.com if they believe their Signal BeAI account, broker account, device, email, or trading settings may be compromised.

9. Policy Review

This policy may be updated as Signal BeAI features, vendors, infrastructure, security practices, or legal requirements change.


Contact: hello@signalbeai.com