Security
Securing Your Practice—Process Account
Best practices for keeping your trading journal and sensitive data secure.
Your trading data is sensitive. This guide covers how we protect it and what you can do to enhance security.
How We Protect Your Data
Encryption
At Rest: All data encrypted using AES-256
In Transit: TLS 1.3 for all connections
Backups: Encrypted and stored in separate regions
Infrastructure
SOC 2 Type II compliant
Hosted on AWS with strict access controls
Regular third-party security audits
99.9% uptime SLA
Access Controls
Role-based access for team accounts
Audit logs for all data access
Automatic session timeouts
IP allowlisting (optional)
Your Security Responsibilities
Strong Password
Use a unique password with:
At least 12 characters
Mix of upper/lower case
Numbers and symbols
No dictionary words
Enable Two-Factor Authentication (2FA)
1Go to Account → Security
2Click Enable 2FA
3Choose your method:
Authenticator app (recommended)
SMS backup code
4Save your recovery codes securely
Monitor Login Activity
Check Account → Security → Login History regularly for:
Unrecognized devices
Unusual locations
Failed login attempts
Secure Broker Connections
When connecting trading accounts:
Use OAuth when available (no credentials stored)
Enable read-only access only
Review connected apps quarterly
Revoke unused connections
Team Account Security
For team plans, admins can:
Set password policies
Require 2FA for all members
Control data access levels
Review member activity logs
Data Privacy
We never:
Sell your data to third parties
Share your trading information
Use your data for any purpose beyond providing our service
Access your broker accounts beyond read-only sync
If You Suspect a Breach
1Immediately change your password
2Enable 2FA if not already active
3Review and revoke broker connections
4Contact security@practiceprocess.com
5Review login history for suspicious activity
Our security team responds to all reports within 24 hours.