פּלַטפוֹרמָה בִּטָחוֹן

Our Commitment to Security

At FundYourEdge, security is foundational to everything we build. We employ industry-standard encryption, authentication, and access controls to protect your data at every layer of our platform. This page outlines the measures we take to safeguard your personal information, financial data, and trading activity. We continuously evaluate and improve our security posture to stay ahead of emerging threats.

Data Encryption

All data transmitted between your browser and our platform is protected using modern encryption standards.

• All connections secured with TLS 1.2 or higher — HTTPS is enforced across the entire platform
• Sensitive data is encrypted at rest using industry-standard algorithms
• API communications between internal services are encrypted end-to-end
• Database connections use encrypted channels to prevent unauthorized interception

Authentication & Access Control

We partner with WorkOS AuthKit, an enterprise-grade identity provider, to handle all authentication. FundYourEdge never stores your password.

• Multi-factor authentication (MFA) supported for all accounts
• Passkey and biometric login options for passwordless access
• Single sign-on (SSO) via Google, Microsoft, Apple, and GitHub
• Session management with automatic expiration and secure token handling
• Role-based access controls limit internal data access to authorized personnel only

Payment Security

Payment processing is handled by PCI DSS-compliant providers. FundYourEdge never stores, processes, or has access to your full card details.

• Credit and debit card payments tokenized via NMI using Collect.js — card data never touches our servers
• PayPal payments processed entirely through PayPal's secure infrastructure
• All payment pages served over HTTPS with strict Content Security Policy headers
• Transaction records reference only tokenized identifiers, not raw card numbers

Identity & Payment Verification

Know Your Customer (KYC) and payment-eligibility verification are handled by independent regulated providers — Sumsub for identity and Rise for payment readiness. Your personal information is sent directly to these providers; FundYourEdge retrieves only the data needed to service your account or comply with regulatory obligations.

• Identity documents (Government ID, selfie) are uploaded directly to Sumsub
• Payment-eligibility documents (Government ID, Tax ID, Proof of Residence) are uploaded directly to Rise
• We retrieve verification status (approved, pending, rejected) and the minimum data required for account servicing
• Both providers are SOC 2 Type II certified and GDPR compliant; data retention follows their respective policies
• Where required by regulators, we may be obligated to retrieve and disclose additional verification data

Infrastructure Security

Our platform infrastructure is built on security best practices with multiple layers of protection.

• Hosted on SOC 2 Type II certified cloud infrastructure with automatic security patches
• Application secrets managed through encrypted environment variables — never hard-coded
• Strict separation between production, staging, and development environments
• CORS policies and CSRF protections enforced on all endpoints
• Regular dependency audits and automated vulnerability scanning

Third-Party Security

FundYourEdge is not currently SOC 2 certified and does not hold direct certifications such as ISO 27001 or PCI DSS. We carefully select vendors that meet rigorous security and compliance standards, and we rely on vendor-level certifications for the services described below. Data processed through each vendor falls under that vendor's certification scope. The list below reflects vendors that process or have access to customer data; internal tooling vendors are tracked separately. Additional sub-processor details are available upon request for compliance and DPA inquiries.

Access to Your Data

You can request a complete copy of your account data at any time, free of charge. The export covers the data we hold on our systems; verification documents held by Sumsub or Rise are subject to their respective access processes.

• Visit your Profile Settings at /dashboard/settings/profile
• Select "Download my data" and click "Request export"
• We'll email you a confirmation link — verify it to confirm the request
• Your export will be prepared and emailed to you when ready
• Exports include profile, trading history, statements, and verification status

Incident Response

We maintain a structured incident response process to address security events promptly and transparently.

• Critical security incidents are triaged and responded to immediately
• Affected users are notified in accordance with applicable breach notification regulations
• Post-incident reviews are conducted to identify root causes and prevent recurrence
• Security improvements are deployed on an ongoing basis informed by incident learnings

Questions or Concerns?

If you have questions about our security practices or want to report a potential vulnerability, please contact our operations team. FundYourEdge, Inc. Sheridan, Wyoming, USA

Email: operations@fundyouredge.com