Security Concerns

Being concerned about the security of your trading account is absolutely valid—and encouraged. In fact, we take security very seriously and have implemented measures that are often more robust than those provided by many brokers in the industry.

Unlike most trading software companies or stock brokers, we believe in complete transparency. That’s why we openly share detailed insights into our security practices—so you know exactly how your data is protected.

Reason For Concerns

If a broker supports OAuth-based login, our system fully supports it as well. In this method, you’re securely redirected to your broker’s official login page to authenticate. This approach is significantly safer, as you don’t need to store your trading account credentials in our system.

However, if your broker does not support OAuth-based login, our system will request your trading account credentials to enable login. We understand this raises important questions about security. That’s why we’ve written this article—to provide complete transparency and help you understand how we protect your information.

How Are Credentials Stored?

We only request your trading account credentials if your broker does not support OAuth-based login and requires API login using a credentials.

When credentials are needed, AutoTrader securely stores them in Stocks Developer’s database in encrypted form*—ensuring that your sensitive information is never saved as plain text.

To provide complete transparency, here’s a screenshot from our TEST database showing how sensitive information is stored in an encrypted format.

Admin
encrypted-crendetials
Credentials stored in Encrypted format

* When we say credentials are stored in “encrypted form,” it means they’re converted into a string of meaningless characters—often referred to as cipher text. This makes them unreadable to anyone who tries to view them directly.

Even our system administrator, who has access to the database, can only see this encrypted version. The actual credentials are never visible—not even to us. Only the system can decrypt and use them when required for broker API login.

One way hashing technique (BCrypt) ensures that the password can never be converted back to plain text format. API Key & trading account credentials are stored with two-way encryption as users might need to view it.

  • Trading account credentials are stored with two-way encryption. This is because the system needs to read them back while communicating with your trading platform.
  • AutoTrader Web’s internal API Key (which provides API access to AutoTrader Web) is stored with two-way encryption. This is because users might need to view it in case they forget the key.
  • User’s login password for AutoTrader Web is stored using one way hashing technique (BCrypt). It ensures that the password can never be converted back to plain text format.

Portfolio & Trading Data

We want to be very clear: our system does NOT store your portfolio or trading data in our database.

Here’s how it works when you view your portfolio in our system:

  1. Our server fetches the data directly from your broker in real-time.
  2. The data is immediately sent to your browser for display.
  3. Once sent, the data is instantly cleared from our server’s memory (RAM).
  4. It is never saved on any persistent storage like a hard drive or database.

This ensures your portfolio and trading data stays private and never resides permanently on our servers.

Other Security Features

Detailed logs

Our system maintains detailed logs of every activity performed by you—down to the millisecond. These logs are incredibly helpful for troubleshooting issues, tracking order origins, and understanding system behavior.

This level of logging ensures complete transparency. You have clear, timestamped records of everything happening in your account. So, if something ever goes wrong, the logs can help pinpoint whether the issue was with your broker’s system or ours.

You can access your activity logs directly from menu AutoTrader -> Activity] in the dashboard.

Cutting Edge Technology

AutoTrader-Web has been built using the latest versions of Spring framework. Spring is the most widely used application development framework for Java. Spring security module provides many built-in security features for the web application. The details about those features can be found here. Our servers use latest & stable version of Java 11.

Our vision is to always use the latest cutting edge technologies.

Network Security (SSL/HTTPS)

AutoTrader-Web uses SSL/HTTPS to secure all communication between your browser and our server. This means every piece of data transmitted—whether it’s login details, portfolio data, or order requests—is fully encrypted, protecting it from interception or tampering.

Uses Google’s infrastructure

Both our website and back-end services are hosted on Google Cloud’s Mumbai data center. By leveraging Google’s world-class infrastructure, we benefit from industry-leading security, firewall protection, and network reliability.

This setup ensures that our platform delivers:

  • Robust security backed by Google
  • High performance with low latency for users across India
  • 99% uptime, so your trading experience remains smooth and uninterrupted

Backup Servers

All of our services exposed online have primary & backup server. This makes sure that even if we have an issues with one of our servers, there will still be a backup server which will allow users to trade.

Primary Server

Backup Server

What Are The Risks?

Will Stocks Developer trade in my account without permission?

Absolutely not. That’s a firm policy. All actions taken by our system are strictly triggered by the user.

  • Our staff has no access to your trading account.
  • Our systems are built in a way that they cannot initiate trades on their own.
  • You can always review your activity in the logs.

If you ever notice an action you can’t explain, feel free to contact us immediately.

And remember—you’re always in control. You can change your trading platform credentials at any time.
We cannot change your credentials for two reasons:

  1. Your credentials are saved in encrypted form, so we can’t read them.
  2. Changing credentials typically requires additional authentication (via email or SMS), which only you can complete.

Can Stocks Developer withdraw funds from my account?

No, we cannot.
Your trading account is directly linked to your personal bank account. Any withdrawal you make will only transfer funds to your own registered bank account. We have no capability to initiate withdrawals or move your money elsewhere.

Will Stocks Developer share my trading activity or portfolio data?

No, we don’t share any of your data.

  • Trading activity is stored only for logging and investigation purposes. It’s there to help you debug strategies or review past actions, and it’s accessible only to you from the Activity screen.
  • Portfolio data is not stored at all in our database, and therefore, it can’t be shared with anyone.

Why Should You Trust Us?

At Stocks Developer, we’re driven by a deep passion for technology—with a laser focus on building world-class trading software. Our goal is to empower users with powerful tools, not to hide behind black boxes.

We know that trust isn’t given—it’s earned. That’s why we strive to be as transparent as possible, explaining every detail of how our system works, how your data is handled, and what safeguards we’ve put in place.

There’s not much more we can do beyond being open, honest, and giving you full visibility into everything our platform does. We let our software—and transparency—do the talking.

What Should You Do If You Have Doubts?

If you’ve added your trading account to our system and have concerns about security—or simply decide you no longer want to use our services—here’s what you should do:

  1. Immediately change your trading platform password.
    This ensures that even if you’re unsure, your account remains secure.
  2. Remember: Changing your trading password requires access to your registered email or mobile, so it’s not something AutoTrader or anyone else can do on your behalf.
  3. Once your password is changed, AutoTrader Web will no longer have access, as it still holds the old, now-invalid password.
  4. As an extra step, you can also delete your trading account entry from AutoTrader Web for peace of mind.

Taking these steps ensures your account remains fully in your control at all times.

Questions

If you have any other questions, feel free to contact us.