Security Practices

Last updated: October 2025

TLS 1.3 | AES-256 at rest | RBAC | Backups | Audit logs

1. Overview

MirrorLink connects trading platforms to facilitate trade copying and analytics. Security is integrated across product design, development, deployment, and operations to protect accounts, credentials, and trading data.

2. Data Protection

  • Transport encryption with TLS 1.3 for all HTTPS and WebSocket connections.
  • Encryption at rest using AES-256 for databases and backups.
  • Role-based access control, least privilege, and periodic access reviews.
  • Password hashing using a modern adaptive function.
  • Segregation of production and non-production environments.

3. Credentials and Secrets

  • Broker credentials, OAuth secrets, and API tokens are encrypted and never stored in plaintext.
  • Secrets are kept in environment variables or a managed secrets vault and rotated when necessary.
  • Access to user-linked trading accounts is scoped to the permissions you authorise and can be revoked at any time.

4. Account Security

  • Optional TOTP-based two-factor authentication.
  • Short-lived JWTs stored in HTTP-only cookies with refresh on demand.
  • Session invalidation on password reset or account closure.

5. Infrastructure

  • Isolated services for the web app, WebSocket relays, and provisioning components.
  • Firewall rules restrict inbound traffic to required ports only.
  • Automated nightly backups with tested restoration procedures.

6. Monitoring and Testing

  • Centralised logging, anomaly detection, and alerting.
  • Automated dependency and image scanning.
  • Periodic third-party security reviews and penetration tests.

7. Data Retention and Deletion

Operational logs and trading data are retained only as long as necessary to provide the service, meet legal obligations, resolve disputes, and enforce agreements. You can request deletion of your account data, and we will erase or anonymise personal data not required for ongoing obligations.

8. Incident Response

  • Rapid triage, containment, and remediation once an incident is detected.
  • Root-cause analysis and corrective actions tracked to completion.
  • User notification without undue delay if your data is impacted.

9. Report a Vulnerability

Email security issues to support@mirrorlnk.com. Include steps to reproduce and any relevant logs. We will acknowledge your report and keep you updated through resolution.