Security at TradeLayer

Protecting your trade data is our top priority. Here is how we do it.

Infrastructure

  • Hosted in Singapore with regional data residency options
  • Isolated network architecture
  • Enterprise-grade encryption for all stored data
  • All connections secured with industry-standard encryption

Data handling

  • Documents processed and stored in your private workspace only
  • 90-day retention by default, configurable per organization
  • Full data deletion on request within 30 days
  • No data used for model training without explicit consent

Authentication & access

  • Secure credential management with no plaintext secrets stored
  • Granular access controls per module
  • Multi-factor authentication mandatory for admin roles
  • Single sign-on available on Scale and Enterprise plans

Data isolation

  • Every customer environment is fully isolated
  • All queries are scoped to your organization only
  • Cross-customer access is blocked at every layer
  • Separate storage namespaces per organization

Compliance

  • SOC 2 Type II certification (audit in progress)
  • GDPR compliant with Data Processing Agreement available on request
  • Regional data residency options for enterprise customers
  • Annual penetration testing by independent third party

Responsible disclosure

Found a security issue? Email security@tradelayer.app. We respond within 24 hours.