Credentials stay at the broker
You authorize with the broker provider. Heuby does not ask for broker passwords in the app.
Public outside. Workspace inside.
When enabled, SnapTrade handles the broker handoff. Heuby keeps the boundary plain: public site outside, authenticated workspace inside.
The product is built around pulling records into the workspace, not placing trades from it.
SnapTrade connections can be removed while existing imported records remain available for review.
Dashboard, import, reports, settings, trade log, journal, and watchlist routes sit behind session auth.
The web app calls `/api` through the Next.js proxy so browser requests stay aligned with the app origin.
Profile data, trades, portfolios, targets, watchlist, journal entries, and connection metadata can be exported.
The repository already names the deployment switches that matter before real financial records enter a hosted environment.
Set a strong JWT secret before production use.
Use secure cookies behind HTTPS.
Configure production CORS origins intentionally.
Keep registration invite-only or closed for private previews.
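The four switches above can be checked at startup before the app accepts traffic. The following is an added example, not code from the Heuby repository: the setting names (jwtSecret, cookieSecure, publicUrl, corsOrigins, registrationMode) and the 32-byte secret minimum are assumptions, and both sample configs are constructed.

```javascript
// Added example, not Heuby's code. Setting names are hypothetical placeholders;
// map them to the switches the repository actually defines.
function parseUrl(value) {
  try { return new URL(value); } catch { return null; }
}

function checkDeployment(cfg) {
  const problems = [];

  // 1. JWT secret: at least 32 bytes (assumed minimum) with some character variety.
  const secret = cfg.jwtSecret || "";
  if (Buffer.byteLength(secret, "utf8") < 32 || new Set(secret).size < 10) {
    problems.push("jwtSecret: too short or too repetitive");
  }

  // 2. Cookies: Secure flag on, and the site itself served over HTTPS.
  if (cfg.cookieSecure !== true) problems.push("cookieSecure: must be true");
  const site = parseUrl(cfg.publicUrl);
  if (!site || site.protocol !== "https:") problems.push("publicUrl: must be https");

  // 3. CORS: an explicit list of bare https origins; no wildcard, no path.
  const origins = cfg.corsOrigins || [];
  if (origins.length === 0) problems.push("corsOrigins: list is empty");
  for (const origin of origins) {
    const u = parseUrl(origin);
    if (!u || u.protocol !== "https:" || u.origin !== origin) {
      problems.push(`corsOrigins: rejected "${origin}"`);
    }
  }

  // 4. Registration: invite-only or closed.
  if (!["invite", "closed"].includes(cfg.registrationMode)) {
    problems.push("registrationMode: must be invite or closed");
  }
  return problems;
}

// Constructed sample configs (not real values).
const devConfig = { jwtSecret: "dev-secret", cookieSecure: false,
  publicUrl: "http://localhost:3000", corsOrigins: ["*"], registrationMode: "open" };
const prodConfig = { jwtSecret: "constructed-sample-Zq7w2Lx9Tn4Rb6Vk1Hy8", cookieSecure: true,
  publicUrl: "https://app.example.com", corsOrigins: ["https://app.example.com"],
  registrationMode: "invite" };

console.log(checkDeployment(devConfig));  // five findings
console.log(checkDeployment(prodConfig)); // []
```

Failing the process start when the returned list is non-empty keeps a development default from reaching a hosted environment unnoticed.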
Review the security posture, configure the deployment, then start with the records you are ready to bring together.