SECURITY

Your financial data, kept private and safe.

Prospr is built on a foundation of read-only access, zero credential storage, and industry-standard encryption. Here is exactly how it works.

We never touch your brokerage credentials

Prospr connects to your brokerage accounts through SnapTrade, a regulated open-finance platform. When you authenticate with Schwab, Interactive Brokers, or any other broker, you log in directly on the broker's own website — Prospr never sees, handles, or stores your username or password. SnapTrade acts as the secure intermediary, and your credentials stay between you and your broker.

Read-only access to your accounts

The connection established between Prospr and your brokerage accounts is strictly read-only. Prospr can see your holdings, transaction history, and balances — but it cannot place trades, move money, or make any changes to your accounts. Ever. This is enforced at the API level by your broker, not just a policy on our end.

Encryption in transit and at rest

All data travelling between your browser, our servers, and third-party data providers is encrypted using TLS 1.3. Your portfolio data stored in our database is encrypted at rest using AES-256. We do not store any unencrypted financial data anywhere in our infrastructure.

Secure authentication

Prospr uses industry-standard JSON Web Tokens (JWT) for session management, with short expiry windows and automatic refresh. Passwords are hashed with bcrypt before storage — we never store plaintext passwords. All authenticated API endpoints require a valid token on every request.

Infrastructure security

Our backend infrastructure runs behind HTTPS with strict CORS policies, rate limiting, and input validation on all endpoints. Database access is restricted to the application layer — there is no direct public access to any data store. We keep dependencies updated and perform regular security reviews of our codebase.

Your data is yours

We do not sell your financial data, portfolio information, or behaviour to third parties. The data you connect to Prospr is used solely to power the features you see in the app. You can disconnect any brokerage or delete your account at any time, and all associated data will be removed from our systems.

Powered by SnapTrade

Brokerage connections handled by a regulated infrastructure provider

SnapTrade is purpose-built for secure brokerage connectivity. They are SOC 2 Type II certified and trusted by thousands of fintech applications. When you connect a brokerage to Prospr, the authentication flow is entirely managed by SnapTrade — not us.

Read SnapTrade's security page →

Have a specific security question?

hello@prosprcapital.com