Security & Trust

Security isn't a feature. It's the foundation.

Your research and portfolio data are personal. We treat privacy and security as first-class — local-first by design, with your data kept yours.

Privacy-first · Your data stays yours

Encryption Everywhere

All data in transit is encrypted via TLS 1.3. All data at rest uses AES-256. Your broker OAuth tokens, OTP secrets, and payment data are never stored in plain text — ever.

  • TLS 1.3 for all HTTP traffic
  • AES-256 at rest
  • Encrypted database backups
  • Secrets stored in hardware-backed vault

Authentication & Access Control

Intrynsic enforces phone or email OTP verification on every new login. Broker connections use scoped OAuth tokens — we request the minimum permissions required and never store credentials.

  • OTP on every login
  • JWT with 48-hour expiry
  • Scoped broker OAuth (no passwords stored)
  • Immediate revocation on disconnect

Monitoring & Incident Response

We monitor authentication and data-access events and respond promptly to anything anomalous, with audit logging across the platform.

  • Continuous monitoring
  • Audit logging
  • Account lockout on anomalous activity
  • Privacy-first by design

Infrastructure & Data Residency

Production infrastructure runs in India-based data centres. We use isolated environments per service and follow privacy-first principles throughout.

  • India-based servers
  • Service isolation (no shared DB)
  • Encryption in transit
  • Privacy-first by design

Responsible Disclosure

We run a coordinated vulnerability disclosure programme. Security researchers who responsibly report valid vulnerabilities are credited and compensated. We commit to a 48-hour initial response and 30-day remediation target for critical issues.

Low · Feb 2025

Unvalidated redirect in OAuth callback

Patch deployed within 6 hours of report. No user data accessed. Reporter rewarded under our bug bounty programme.

Informational · Nov 2024

Verbose error messages in staging endpoint

Staging environment hardened. Error messages sanitised. No production impact.

Found a vulnerability?

Report it responsibly and we'll respond within 48 hours. Valid reports are rewarded.

security@intrynsic.ai