Security is foundational to STRATOS. Because our product is governance, the integrity of our systems and the protection of user data are central to everything we build. This policy summarizes the safeguards we apply and how to report a vulnerability.
Encryption
We encrypt data in transit using industry-standard TLS, and we apply encryption at rest for stored data where appropriate. Credentials are never stored in plaintext; passwords are protected using a strong, salted one-way hashing algorithm.
Access Controls
- Role-based access limits sensitive operations to authorized personnel.
- Authentication sessions use HTTP-only cookies to reduce client-side exposure.
- The principle of least privilege governs internal access to systems and data.
Audit Logging
Consistent with our Audit Chain philosophy, security-relevant events are logged to support monitoring, investigation, and accountability. Logs are retained for an appropriate period and protected against tampering.
Incident Response
We maintain an incident-response process to detect, contain, investigate, and remediate security events. Where a confirmed incident affects your information and notification is required, we will notify affected parties and relevant authorities as required by applicable law.
Custody Clarification
STRATOS does not take custody of user funds. Track 1 subscriptions provide access to market intelligence, governance transparency, and analytics only. Users execute trades manually in their own brokerage or exchange accounts. STRATOS does not hold, manage, or have access to subscriber funds. Future connected-account or Autopilot functionality, if offered, will require separate approval, disclosures, and provider arrangements.
Responsible Disclosure
We welcome reports from security researchers. If you believe you have found a vulnerability, please email security@stratosaitrades.com with details and steps to reproduce. We ask that you give us a reasonable opportunity to remediate before public disclosure, avoid accessing or modifying data that is not yours, and act in good faith. We will not pursue legal action against researchers who follow this responsible-disclosure process.
Contact
For security matters, contact security@stratosaitrades.com.