Connect at your broker
When supported, you approve Cataldex on the broker's website instead of pasting secret API keys into ours.
Security
Cataldex is built to limit what it can access, protect saved credentials, and keep each member's data separate.
When supported, you approve Cataldex on the broker's website instead of pasting secret API keys into ours.
Broker access tokens are encrypted with a server key that is kept separate from the member database.
Passwords are salted and hashed. Login sessions are random, expire, and are stored only as hashes.
Members can only load records that belong to their own account. Founder tools use a separate protected role.
Broker connections request only the supported permissions and can be removed from Cataldex or the broker.
System health, trade decisions, orders, and fills are recorded so problems can be found and reviewed.
An honest Beta
Cataldex Beta is not claiming SOC 2 certification or perfect protection. Live production access will require broker approval, HTTPS, regular secret rotation, backups, monitoring, an incident plan, and continued security testing.