Data Encryption

Encryption is the process of converting readable data into an encoded format that can only be accessed with the correct decryption key. This ensures that even if data is intercepted, it remains unreadable and secure.

Why Encryption Matters

• Protects sensitive trading data from unauthorized access
• Secures personal and financial information
• Prevents data breaches and theft
• Ensures compliance with data protection regulations
• Maintains confidentiality during data transmission

TLS/SSL Encryption

All data transmitted between your browser and Ascentia's servers is encrypted using Transport Layer Security (TLS) 1.3, the latest and most secure version of the protocol.

What This Means for You

• Your login credentials are encrypted during transmission
• Trading data cannot be intercepted by third parties
• All API communications are secured
• Your browsing activity on Ascentia is private
• Man-in-the-middle attacks are prevented

Verifying Secure Connection

• Look for "https://" in the URL (not just "http://")
• Check for the padlock icon in your browser's address bar
• Click the padlock to view certificate details
• Ensure the certificate is issued to "ascentia.app"

Database Encryption

All data stored in Ascentia's databases is encrypted using AES-256 encryption, a military-grade standard that is virtually unbreakable with current technology.

What Data is Encrypted

• Personal information (name, email, phone number)
• Trading journal entries and notes
• Financial data and performance metrics
• Account settings and preferences
• API keys and integration credentials
• Uploaded files and screenshots

Encryption Key Management

Encryption keys are stored separately from the encrypted data and are managed using industry best practices:

• Keys are rotated regularly
• Access to keys is strictly controlled and logged
• Keys are never stored in plain text
• Backup keys are encrypted and stored securely

Password Hashing

Your password is never stored in plain text. Instead, we use bcrypt, a one-way hashing algorithm specifically designed for password security.

How Password Hashing Works

1. When you create or change your password, it's immediately hashed
2. The hash is a unique, irreversible representation of your password
3. Only the hash is stored in our database, never the actual password
4. When you log in, your entered password is hashed and compared to the stored hash
5. Even Ascentia staff cannot see your actual password

Additional Password Protection

• Salting: Each password hash includes a unique random value
• Multiple rounds: The hashing process is repeated many times for added security
• Rate limiting: Failed login attempts are limited to prevent brute force attacks
• Breach monitoring: We check for compromised passwords against known breach databases

For certain highly sensitive features, Ascentia implements end-to-end encryption, meaning data is encrypted on your device before being sent to our servers and can only be decrypted by you.

Features with End-to-End Encryption

• Private trade notes (optional feature)
• Secure file attachments
• Encrypted backups
• Sensitive API credentials

How It Works

1. Data is encrypted on your device using your unique encryption key
2. Encrypted data is sent to Ascentia's servers
3. We store the encrypted data but cannot decrypt it
4. When you access the data, it's sent back to your device
5. Your device decrypts the data using your key

Important: If you lose your encryption key, we cannot recover end-to-end encrypted data. Always keep your recovery key in a safe place.

Encrypted Backups

All backups of your data are encrypted using the same AES-256 standard as our primary databases. Backup encryption keys are stored separately and securely.

Backup Security Measures

• Backups are stored in geographically distributed locations
• Access to backups requires multiple authentication factors
• Backup restoration is logged and monitored
• Old backups are securely deleted after retention period

Your Personal Backups

When you export your data for personal backup:

• Data is encrypted during download
• You can optionally add password protection to exports
• We recommend storing exports in encrypted storage
• Exported files should be treated as sensitive data

API Security

When you connect third-party services (brokers, trading platforms, etc.), all communications are encrypted:

• API keys are encrypted at rest
• OAuth tokens are securely stored
• All API calls use HTTPS/TLS encryption
• Credentials are never logged or exposed

Data Sharing

When data is shared with integrated services:

• Only necessary data is shared
• Data is encrypted during transmission
• You control what data is shared
• Integrations can be revoked at any time

Security Standards

Ascentia's encryption practices comply with:

• GDPR (General Data Protection Regulation)
• SOC 2 Type II compliance
• PCI DSS for payment data
• ISO 27001 information security standards
• NIST cybersecurity framework

Regular Security Audits

• Annual third-party security assessments
• Penetration testing by certified professionals
• Continuous vulnerability scanning
• Regular encryption key rotation
• Security patch management

• Use HTTPS: Always access Ascentia via https://ascentia.app
• Verify certificates: Check for the padlock icon before logging in
• Secure your device: Use device encryption on your computer and phone
• Update software: Keep your browser and operating system updated
• Use secure networks: Avoid public Wi-Fi for accessing sensitive data
• Enable 2FA: Add an extra layer of protection to your account
• Strong passwords: Use unique, complex passwords
• Log out: Always log out when using shared devices