Platform Security

Our Commitment to Security

At FundYourEdge, security is foundational to everything we build. We employ industry-standard encryption, authentication, and access controls to protect your data at every layer of our platform. This page outlines the measures we take to safeguard your personal information, financial data, and trading activity. We continuously evaluate and improve our security posture to stay ahead of emerging threats.

Data Encryption

All data transmitted between your browser and our platform is protected using modern encryption standards.

• All connections secured with TLS 1.2 or higher — HTTPS is enforced across the entire platform
• Sensitive data is encrypted at rest using industry-standard algorithms
• API communications between internal services are encrypted end-to-end
• Database connections use encrypted channels to prevent unauthorized interception

Authentication & Access Control

We partner with WorkOS AuthKit, an enterprise-grade identity provider, to handle all authentication. FundYourEdge never stores your password.

• Multi-factor authentication (MFA) supported for all accounts
• Passkey and biometric login options for passwordless access
• Single sign-on (SSO) via Google, Microsoft, Apple, and GitHub
• Session management with automatic expiration and secure token handling
• Role-based access controls limit internal data access to authorized personnel only

Payment Security

Payment processing is handled by PCI DSS-compliant providers. FundYourEdge never stores, processes, or has access to your full card details.

• Credit and debit card payments tokenized via NMI using Collect.js — card data never touches our servers
• PayPal payments processed entirely through PayPal's secure infrastructure
• All payment pages served over HTTPS with strict Content Security Policy headers
• Transaction records reference only tokenized identifiers, not raw card numbers

Identity Verification

Know Your Customer (KYC) verification is handled by Sumsub, a globally trusted identity verification provider.

• Identity documents are uploaded directly to Sumsub — FundYourEdge does not store your documents
• Only the verification status (approved, pending, rejected) is stored on our platform
• Sumsub is SOC 2 Type II certified and compliant with GDPR and global data protection regulations
• Verification data is retained by Sumsub according to their data retention policy

Infrastructure Security

Our platform infrastructure is built on security best practices with multiple layers of protection.

• Hosted on SOC 2-compliant cloud infrastructure with automatic security patches
• Application secrets managed through encrypted environment variables — never hard-coded
• Strict separation between production, staging, and development environments
• CORS policies and CSRF protections enforced on all endpoints
• Regular dependency audits and automated vulnerability scanning

Third-Party Security

We carefully select vendors that meet rigorous security and compliance standards. Below is a summary of the key third-party services we use and their certifications.

Incident Response

We maintain a structured incident response process to address security events promptly and transparently.

• Critical security incidents are triaged and responded to immediately
• Affected users are notified in accordance with applicable breach notification regulations
• Post-incident reviews are conducted to identify root causes and prevent recurrence
• Security improvements are deployed on an ongoing basis informed by incident learnings

Questions or Concerns?

If you have questions about our security practices or want to report a potential vulnerability, please contact our operations team. FundYourEdge, Inc. Sheridan, Wyoming, USA

Email: operations@fundyouredge.com