01001000 101101011 010 1100110110 100 0101101 1011 001 10$

Trust Center

How ChainCompass Pro protects your capital, data, and identity

System StatusGet started
Bloomberg-grade security posture

Your money stays yours. Your keys stay encrypted. Your data stays isolated.

ChainCompass Pro is an AI investment platform, not a custodial exchange. We connect to your exchange in read-only mode by default. Live execution is opt-in, gated by 2FA, and never has withdrawal capability. Every guarantee below is enforced by code — and verified by tests.

Fernet-encrypted API keys
Every user's exchange keys are encrypted at rest with AES-128 (cryptography.io Fernet). The plaintext key never leaves the encrypted vault and is never sent to the browser.
Zero withdrawal capability
ChainCompass Pro cannot withdraw funds. We refuse to store any API key that has withdrawal permission enabled. Read + trade only, always.
Per-user isolation
Your Digital Twin, portfolio, watchlists, sessions, and audit log are strictly scoped to your user_id. Multi-user isolation is verified with automated tests on every deploy.
2FA-gated live trading
Live execution requires TOTP two-factor authentication plus explicit acknowledgement of a risk disclosure. Paper trading is default; live is opt-in.
Full audit trail
Every login, session, exchange key change, and live-trading toggle is recorded to a per-user audit log you can review at any time.
Rate limiting + lockout
Auth endpoints are rate-limited; 5 failed logins trigger a 15-minute lockout. Brute-force protection is on by default.
Session control
See every active session with its device and IP. Revoke individual sessions or every session except the current one with one click.
Passwords hashed with bcrypt
We never see or store your plaintext password. Passwords are hashed with bcrypt using per-user salts.

How your data flows

  1. You register with email + password. Password is bcrypt-hashed before it ever hits the database.
  2. You (optionally) connect an exchange. Your API key is encrypted with Fernet on the server; the plaintext is discarded immediately. We scan the key's permissions and refuse it if withdrawals are enabled.
  3. The AI runs on the server against your encrypted keys, never against a shared account. Your Digital Twin, portfolio, and audit log are all keyed to your user_id — no cross-user access is possible.
  4. Paper trading is default. To enable live execution you must set up 2FA and acknowledge a risk disclosure, then enter a TOTP code. Every activation is logged.
  5. You retain full control. Disable live trading, revoke any session, disconnect any exchange, or delete your account — anytime.

Ready to test-drive on paper?

Paper trading is free and instant. No exchange required.

Create your account
bcrypt hashed Fernet AES-128 encrypted Per-user isolation 2FA required for live