Key Security Practices

At Helvetic Broker, your security is our top priority. Here’s how we protect your data and your experience.

Encryption

  • At Rest: All sensitive data, including API keys, is encrypted using AES-256.
  • In Transit: All communications use TLS/HTTPS to ensure your data is protected from interception.

Authentication

  • We use secure authentication methods such as OAuth2 and industry-standard protocols.
  • Our authentication system is powered by Firebase Authentication, providing robust security for user sign-in and account management.
  • User sessions are managed securely and never expose sensitive information.

API Key Protection

  • No secrets are ever stored in your browser.
  • API keys stored or processed on our servers are strictly read-only.
  • Keys with higher permissions (e.g., transactions) are only processed locally on the user’s phone and encrypted in the device’s secure trust store.
  • Only biometric or PIN code authentication allows the phone to interact with these keys, keeping the user in full control at all times.

Regular Security Audits

Bug Bounty & Vulnerability Disclosure

  • We welcome responsible disclosure of vulnerabilities.
  • Contact us at [email protected].
  • Bug bounty rewards:
    Severity    Reward Range
    Low         $50 – $200
    Medium      $200 – $1,000
    High        $1,000 – $5,000
    Critical    $5,000 – $10,000

Compliance

  • We are fully compliant with GDPR, Swiss, EU, and crypto industry standards.
  • We never store or hold user funds on our servers. Helvetic Broker is a portfolio tracking and informational platform. We do not execute, transfer, or custody any funds on behalf of users.
  • All API keys provided by users are strictly read-only, ensuring we can only retrieve data and cannot perform any transactions.
  • We may help prepare unsigned transaction suggestions (e.g., for DEX interactions), but the user must always execute the final action themselves in their own wallet or third-party service.
  • See our regulatory status and licenses

Infrastructure Security

  • We use trusted cloud providers with robust physical and network security.
  • Our infrastructure is built on Google Cloud and Firebase, and is protected by Cloudflare for enhanced security, reliability, and DDoS protection.
  • Firewalls, DDoS protection, and continuous monitoring are in place to protect our infrastructure.

Transparency

Your security is our mission. If you have any questions or concerns, contact our support team.