Security Practices

Security is not an afterthought at InvestorHints; it is built into the foundation of every tool and feature we release. We follow industry best practices to ensure your data remains private and secure.

Authentication & Authorization

We use **Better Auth** for robust session management. It handles authentication securely, with features such as multi-device session tracking, CSRF protection, and secure cookie handling.

  • Salted & Hashed Passwords
  • Secure Session Cookies
  • CSRF Protection
  • Rate Limiting on Auth Endpoints

Data Privacy

We operate on a principle of data minimization. We only collect the information necessary to provide our services. User PII is handled with extreme care and is never sold to third parties.

Infrastructure Security

Our platform is hosted on Vercel, which provides a hardened infrastructure with DDoS protection and automated security updates. MongoDB Atlas provides encryption at rest and in transit (TLS 1.2+).

Reporting a Vulnerability

If you believe you have found a security vulnerability in InvestorHints, please contact us immediately. We take all reports seriously.

Contact Security Team →