Security & Trust

Security isn't a feature. It's the foundation.

ERA AI routes real money on live markets. We engineer security with the same rigour institutional desks apply to their trading infrastructure.

All systems operational · 99.97% uptime (30d)

Encryption Everywhere

All data in transit is encrypted via TLS 1.3. All data at rest uses AES-256. Your broker OAuth tokens, OTP secrets, and payment data are never stored in plain text — ever.

  • TLS 1.3 for all HTTP traffic
  • AES-256 at rest
  • Encrypted database backups
  • Secrets stored in hardware-backed vault

Authentication & Access Control

ERA AI enforces phone or email OTP verification on every new login. Broker connections use scoped OAuth tokens — we request the minimum permissions required and never store credentials.

  • OTP on every login
  • JWT with 48-hour expiry
  • Scoped broker OAuth (no passwords stored)
  • Immediate revocation on disconnect

Monitoring & Incident Response

Continuous real-time monitoring covers every authentication event, API call, and data access. Anomalous patterns trigger automated alerts, and incidents are handled under a 4-hour incident response SLA.

  • 24/7 automated threat detection
  • 4-hour incident response SLA
  • Immutable audit logs
  • Automated account lockout on anomaly

Infrastructure & Data Residency

All production infrastructure runs in India-based data centres compliant with applicable data residency requirements. Each service runs in its own isolated environment, and we conduct regular penetration testing.

  • India-based servers
  • Service isolation (no shared DB)
  • Quarterly penetration testing
  • SOC 2 Type II roadmap

Responsible Disclosure

We run a coordinated vulnerability disclosure programme. Security researchers who responsibly report valid vulnerabilities are credited and compensated. We commit to a 48-hour initial response and 30-day remediation target for critical issues.

Low · Feb 2025

Unvalidated redirect in OAuth callback

Patch deployed within 6 hours of report. No user data accessed. Reporter rewarded under our bug bounty programme.

Informational · Nov 2024

Verbose error messages in staging endpoint

Staging environment hardened. Error messages sanitised. No production impact.

Found a vulnerability?

Report it responsibly and we'll respond within 48 hours. Valid reports are rewarded.

security@erainvest.ai