Security

BridgePort never has access to customer private keys. Customer funds are held safely at their custodian until settlement. Settled positions are reconciled between exchanges and trading to ensure correctness. BridgePort works closely with custodians and exchanges to prevent unauthorized transfers via whitelists and policy rules.

Protecting Customers
Protecting Customers

BridgePort never has access to customer private keys. Customer funds are held safely at their custodian until settlement. Settled positions are reconciled between exchanges and trading to ensure correctness. BridgePort works closely with custodians and exchanges to prevent unauthorized transfers via whitelists and policy rules.

Protecting Access
Protecting Access

Customer access is protected with two factor authentication. BridgePort personnel access is protected by multi-factor authentication. API access is protected through the use of API keys and HMAC.

Protecting Data
Protecting Data

All data at rest and in-motion is encrypted. Data is never stored or transferred in the clear. Strict internal application authorization controls ensure private data is accessible only by the intended user. Keys and other secrets are stored in AWS Secrets Manager for increased protection.

Being Available
Being Available

BridgePort is hosted in AWS across two regions in two availability zones each. Data is replicated in real-time to ensure BridgePort is always up.

Providing Assurance
Providing Assurance

BridgePort performs regular scans of technical infrastructure and code as part of our development process to ensure secure coding practices are followed. Regular penetrating testing is performed by outside firms to validate the platform. Our on-going security efforts are establishing a foundation for SOC 2 and ISO 27001 compliance in 2025.

Dedicated to Improvement
Dedicated to Improvement

BridgePort performs regular scans of technical infrastructure and code as part of our development process to ensure secure coding practices are followed. Regular penetrating testing is performed by outside firms to validate the platform. Our on-going security efforts are establishing a foundation for SOC 2 and ISO 27001 compliance in 2025.