Security at Catalystr

Protecting your data is fundamental to everything we do. We implement industry-standard security practices to keep your information safe.

Our Commitment

As a platform handling sensitive portfolio information, we understand the responsibility that comes with your trust. Security is not an afterthought—it's built into every layer of our architecture and every decision we make.

We are committed to transparency about our security practices and will communicate openly about any issues that may affect our users.

How We Protect Your Data

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your portfolio data and personal information are protected at every stage.

Cloud Infrastructure

We run on Google Cloud Platform, leveraging enterprise-grade infrastructure with built-in redundancy, automatic failover, and industry-leading physical security.

Access Controls

We implement role-based access controls and the principle of least privilege. Only authorized personnel can access production systems, and all access is logged and audited.

Monitoring & Detection

Our systems are continuously monitored for suspicious activity. We employ automated threat detection and maintain 24/7 alerting for security events.

Regular Updates

We keep all systems patched and up to date. Dependencies are regularly scanned for known vulnerabilities and updated promptly.

Incident Response

We maintain a documented incident response plan. In the unlikely event of a security incident, we are prepared to respond quickly and transparently.

Security Practices

Secure software development lifecycle (SDLC)

Code reviews and automated security testing

Regular penetration testing and vulnerability assessments

Employee security awareness training

Vendor security assessments for third-party services

Data backup and disaster recovery procedures

Authentication & Access

Secure Authentication

We use OAuth 2.0 for authentication, allowing you to sign in securely with your Google account. We never store your password—authentication is handled by trusted identity providers.

Session Management

Sessions are managed securely with encrypted tokens. Sessions expire automatically and can be revoked at any time from your account settings.

Report a Security Issue

If you discover a potential security vulnerability, we appreciate your help in disclosing it to us responsibly. Please email our security team directly.

vinkjj@gmail.com