Trust & security
How we run Sub.Trade.
Short version of how your data is stored, who can see it, and how you can verify the platform is up.
Live status
The public status page is being set up. In the meantime you can poll /api/health directly: it returns HTTP 200 with a JSON snapshot when the API, database, and storage layers are all reachable, and 503 if any of them is degraded.
Where your data lives
Sub.Trade runs on a small set of named, well-known providers. We don't resell or share your data with anyone else.
Encryption
All traffic to and from Sub.Trade uses TLS 1.2+. All databases and storage volumes are encrypted at rest by the underlying provider.
Specific PII fields — EIN / TIN today, expanding as we go — are additionally encrypted at the application layer with AES-256-GCM before being written. The keys are held in environment variables outside the database, so a hypothetical DB-only breach would not yield those values in plaintext.
Access controls
Every action against your data goes through Clerk-authenticated sessions. Organization-scoped data is gated server-side on every request — there is no "trust the URL" access path.
Internal access to production systems is limited to a small set of platform owners (the people responsible for keeping the service running). Their access is logged, scoped, and behind their own MFA.
Backups & recovery
Neon Postgres provides automatic point-in-time recovery on its managed plan, with daily snapshots. We also pull a separate weekly logical backup into an isolated storage location so a single-vendor compromise can't take everything with it.
Backups are tested at least once per quarter against a non-prod target to verify they actually restore.
Operations
Every push to main runs automated typecheck, build, and dependency-CVE checks before the code lands in a deployable state. Critical security advisories block deploys; lesser issues are tracked in our internal audit notes and patched on a weekly cadence.
Dependencies are auto-updated weekly by Dependabot with grouped PRs reviewed by a human before merge. Security advisories bypass the schedule and open immediately.
Responsible disclosure
Found something concerning? Email security@sub.trade with details. We acknowledge reports within one business day and won't pursue legal action against good-faith researchers who follow standard disclosure practice.