Cyris Security Practices

🔐

SSL/TLS Encryption

All data transmitted between your browser and Cyris servers is encrypted using industry-standard HTTPS/TLS protocols.

🔑

OAuth Authentication

For supported brokers, you authenticate directly with your broker. Your login credentials are never shared with Cyris.

🗄️

Encrypted Storage

All sensitive data including API credentials are encrypted at rest using strong encryption algorithms.

☁️

Azure Infrastructure

Hosted on Microsoft Azure with enterprise-grade security, DDoS protection, and 99.9% uptime SLA.

🏦 How We Connect to Your Broker

We use different authentication methods depending on your broker. Here's what you need to know:

Broker	Auth Method	Credential Storage	Your Password
TradeStation	OAuth 2.0	Access token only	Never shared with Cyris
Robinhood	OAuth 2.0	Access token only	Never shared with Cyris
Tradovate	API Credentials	Encrypted API keys	API secret stored encrypted
NinjaTrader	API Credentials	Encrypted API keys	API secret stored encrypted
OANDA	API Token	Encrypted token	Never shared with Cyris

What's the difference?

OAuth: You log in directly on your broker's website. Cyris receives a limited-access token, never your actual password. This is the most secure method.

API Credentials: Some brokers require API keys/secrets. These are stored encrypted and are used only to communicate with your broker's systems.

✅ Our Security Practices

✓
Passwords Are Hashed Your Cyris account password is hashed using industry-standard algorithms. We cannot see or recover your password—only you can reset it.
✓
Unique API Keys & Webhook Tokens Each user receives unique, randomly-generated API keys and webhook tokens. These can be regenerated at any time from your account settings.
✓
No Plain-Text Credential Storage We never store passwords, API secrets, or sensitive credentials in plain text. All sensitive data is encrypted before storage.
✓
Secure Session Management Sessions are securely managed with automatic expiration. Logging out invalidates your session immediately.
✓
Access Control Strict internal access controls ensure only authorized systems and personnel can access user data, and only when necessary.
✓
Disconnect Anytime You can disconnect any broker from Cyris at any time. Upon disconnection, associated tokens and credentials are immediately deleted.

🛡️ Your Security Best Practices

While we do our part, here's how you can help keep your accounts secure:

🔐 Enable 2FA

Enable two-factor authentication on all your brokerage accounts for an extra layer of security.

🔑 Unique Passwords

Use a strong, unique password for your Cyris account. Consider using a password manager.

👀 Monitor Activity

Regularly check your brokerage accounts for any unauthorized activity or unfamiliar trades.

🚫 Don't Share Credentials

Never share your API keys, webhook tokens, or login credentials with anyone.

📧 Watch for Phishing

We will never ask for your broker password via email. Be wary of suspicious messages.

🔄 Regenerate If Exposed

If you believe your API key or webhook token has been exposed, regenerate it immediately in Settings.

🚨 Security Incident Response

In the unlikely event of a security breach affecting your data, we commit to:

1
Rapid Notification Notify affected users within 72 hours of discovering a breach
2
Clear Communication Explain what happened, what data was affected, and what we're doing about it
3
Actionable Guidance Provide specific steps you should take to protect yourself
4
Regulatory Compliance Report to relevant authorities as required by law

❓ Questions?

If you have questions about our security practices or want to report a security concern:

Email: security@cyrisai.com
General Support: cyrisaillc@gmail.com

🔒 Security at Cyris