Treeova protects user data with AES-256 encryption at rest, TLS 1.2+ in transit, and row-level security on every database table. Broker credentials are never stored as passwords — only encrypted OAuth tokens or API keys. Paper trading is fully isolated from live accounts.

    Treeova Security & Data Protection

    Encryption, row-level security, isolated paper trading, and broker credential protection.

    AES-256 encryption at rest, TLS 1.2+ in transit.

    Row-level security on every database table.

    Broker credentials stored as encrypted OAuth tokens, never passwords.

    Paper trading fully isolated from live broker accounts.

    Treeova Security and Data Protection

    Security & Data Protection

    How Treeova protects your data, broker credentials, and trading activity.

    Broker Credential Security

    • Treeova never stores your broker passwords. Broker connections use OAuth tokens or API keys that are encrypted at rest using AES-256 encryption.
    • Credentials are stored in isolated, encrypted database fields with row-level security (RLS) ensuring only the authenticated owner can access their tokens.
    • All broker API communication uses TLS 1.2+ encrypted connections.

    Data Encryption

    • All data in transit is encrypted using TLS 1.2+ (HTTPS enforced).
    • Data at rest is encrypted using AES-256 in the database layer.
    • Database backups are encrypted and stored in geographically redundant locations.

    Row-Level Security

    • Every database table enforces row-level security (RLS) policies. Users can only read and modify their own data.
    • Admin access is role-gated with audit logging for every administrative action, including IP address and user agent tracking.
    • Multi-factor authentication (MFA) is supported for admin accounts.

    Paper Trading Isolation

    • The fully funded paper trading environment is fully isolated from live broker accounts.
    • Paper trades never interact with real brokers, real markets, or real money. Simulated executions use delayed market data.
    • Paper account balances and positions are stored in separate database tables from live trading data.

    Authentication & Access Control

    • User authentication is handled via industry-standard protocols with email verification required before account activation.
    • Google OAuth is available as a secondary authentication method.
    • Session tokens are short-lived with automatic refresh. Inactive sessions expire to prevent unauthorized access.

    Platform Integrity

    • AI agent execution is sandboxed — agents can only access tools and data explicitly granted by the user.
    • All agent runs are logged with full telemetry: input/output tokens, tool calls, execution duration, and cost.
    • Rate limiting is enforced on API endpoints to prevent abuse.
    • Treeova does not sell user data, trading activity, or behavioral analytics to third parties.

    Security FAQ