Trust Center
Security

Security at StockPilot

Security is a foundation, not a feature. StockPilot is built so your account, your watchlist, and your portfolio remain private — by default.

  • Passwords are hashed with industry-standard algorithms — never stored in plain text.
  • Leaked-password checks block credentials known to be compromised.
  • Sessions use secure, encrypted tokens with automatic refresh.
  • Email verification and password reset run through signed, single-use links.

  • Row-Level Security ensures users can only access their own watchlists, portfolio, alerts, and settings.
  • Cross-user access is structurally impossible — enforced by the database, not just the app.
  • Admin operations run through a separate trusted server pathway with audit-friendly logging.