Security

Security is a fundamental part of our business. Below, we explain how we protect personal data and secure our systems.

How we access your personal data

A functioning CITEC account relies on enabling CITEC to interact with your investment account. This allows CITEC to display your investment accounts, account holdings, and transaction history.

To link your investment account, CITEC sends you over to your brokerage’s website, where you enter your login credentials. At no point does CITEC see or store your brokerage account credentials.

When you link your investment account, you choose whether to grant CITEC read-only or trade-enabled access. Trade-enabled access allows you to execute One-Click Trades through CITEC.

This access is granted through a secure OAuth flow. The process works as follows:

  • User creates a CITEC account and clicks the Authorize button to start the OAuth flow.
  • CITEC redirects the user to their brokerage website with a request for limited access.
  • The user logs in to their brokerage website and grants the access request.
  • The user is then redirected back to CITEC with a temporary access token.
  • CITEC collects the access token and authenticates with the brokerage to confirm that the token is valid.
  • Upon receipt of a valid token, CITEC can now sync with the user’s brokerage, enabling the user’s CITEC dashboard to display their accounts and holdings.
  • Should the user wish to revoke CITEC’s access, they can delete the connection within CITEC or do so from the application dashboard within their brokerage account.
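
The flow above, reduced to its access-control decisions, as an added example (not CITEC's or any brokerage's code). The `Brokerage` class, the `read`/`trade` scope names and the helper functions are hypothetical, and the browser redirect is collapsed into a function call.

```python
import secrets
import time

class Brokerage:
    """Constructed stand-in for the brokerage's authorization server."""
    SCOPES = {"read", "trade"}          # hypothetical scope names

    def __init__(self):
        self._grants = {}               # token -> (user, scopes, expiry)

    def authorize(self, user, scopes, ttl=3600):
        # The user logs in and approves here; credentials never reach the client.
        scopes = frozenset(scopes)
        if not scopes or not scopes <= self.SCOPES:
            raise ValueError("unknown or empty scope request")
        token = secrets.token_urlsafe(32)
        self._grants[token] = (user, scopes, time.time() + ttl)
        return token                    # handed to the client on redirect

    def introspect(self, token):
        grant = self._grants.get(token)
        if grant is None or grant[2] <= time.time():
            return None                 # unknown, revoked or expired
        return grant

    def revoke(self, token):
        self._grants.pop(token, None)   # user deletes the connection

    def call(self, token, needed_scope):
        grant = self.introspect(token)
        if grant is None:
            raise PermissionError("invalid token")
        if needed_scope not in grant[1]:
            raise PermissionError("scope not granted: " + needed_scope)
        return True

def link_account(brokerage, user, trade_enabled=False):
    """Client side: request only the access chosen, then confirm the token."""
    wanted = {"read", "trade"} if trade_enabled else {"read"}
    token = brokerage.authorize(user, wanted)
    if brokerage.introspect(token) is None:
        raise PermissionError("brokerage rejected token")
    return token

def allowed(brokerage, token, scope):
    """True if the brokerage would accept this token for the given scope."""
    try:
        return brokerage.call(token, scope)
    except PermissionError:
        return False
```

A read-only link cannot place trades, and a revoked or expired token fails every call, because the brokerage enforces scope and validity on each request.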

CITEC periodically accesses information from your investment account in order to:

  • Refresh the access token to keep it valid
  • Check your account for new transactions
  • Check your account for portfolio accuracy

When you access your CITEC account, we make live requests for information from your investment account to give you real-time information about your account and calculated trades.

How we store your personal data

CITEC stores limited personal data from your investment account. We store only information that is required to provide our service. The basic account information is a list of your investment accounts and identifiers associated with them. We need to store this information so that we can associate your set portfolio targets with their associated investment accounts.

Besides basic account information, CITEC also stores:

  • account holdings and balances
  • symbol and ticker information to allow us to efficiently fetch quotes for securities associated with your account
  • account transaction history for cash notifications and reporting tools
  • order history for trades that were placed or attempted through CITEC’s One-Click Trades feature
  • pageview and application usage history, including your IP address and session cookies
  • anonymized aggregate statistics across all accounts, such as active accounts, total holdings, and other business metrics

Your investment account information is not shared with any other party, except when included with communications such as emails or other messaging. Application usage data may be shared with third-party services such as Google Analytics. Please note that the sharing of application usage data does not include your private financial data.

How we secure your personal data

CITEC runs its software on servers in a major datacentre. Our servers are hosted in Canada and fall under the jurisdiction of the Canadian legal system. We limit server access to only key employees who need access to production resources. The server is frequently screened for vulnerabilities and patched where appropriate. Standard security practices such as a firewall and SSH keys are used to limit access and reduce attack surface. All networked services running on the server are locally bound and password protected where possible. Database backups are made frequently and strongly encrypted before uploading to a secure remote location. All data is encrypted at rest and in transit using SSL.

Data subprocessors

CITEC employs a number of third-party services to help us run our business. Only relevant data is shared with subprocessors as needed, and it is anonymized where possible.

Data subprocessors include:

  • Google Analytics
  • Stripe
  • Google Ads
  • Auth0
  • Customer.io

Deleting your personal data

Any user can request the permanent deletion of all their personal data at any time. Simply email us from the address associated with your CITEC account, with the subject “Deletion”, requesting the closure of your account or the deletion of your personal data. Your request will be processed within five business days, and you will receive a confirmation email once it is complete.

DISCLAIMER
Citec Solutions makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, CITEC Solutions does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet web site or otherwise relating to such materials or on any sites linked to this site.

We do not provide financial advice. We do not and cannot guarantee the future performance of your portfolio or the success of investment strategies we may use or suggest. Historical performances used in our platform do not serve as warrants for future performances. We do not provide legal or fiscal advice; our optimizations have been prepared for informational purposes only. We do not warrant accuracy, reliability or responsibility around possible results. We only serve as an additional intelligence layer over your broker account; no recommendations given by these partners are applied within Citec.