Security and Data Protection

At TangoTrade, we believe that customer trust is a top priority and is fundamental to our business. We also understand that our customers care deeply about their financial and data security.  We designed the TangoTrade platform from the ground up to ensure the highest degree of security for our partners and end users.

Data Security

  • Data in transit
    • TangoTrade uses HTTPS (connection security), with a certificate issued by Let’s Encrypt Authority X3 (a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption).
  • Data at rest
    • Customer sensitive information, including bank account details, is encrypted at rest using AES-256 encryption, one of the most secure encryption algorithms available.
  • Defense / security against external attacks (e.g. DDOS)
    • TangoTrade protects our web application against Distributed Denial of Service (DDoS) attacks by enabling AWS Shield, a leading DDoS protection service provided by Amazon Web Services.

API Security

  • Access token
    • Third party access to TangoTrade’s API requires an access token, solely issued by TangoTrade to approved partners. TangoTrade uses JSON Web Token (JWT), the leading open standard for securely transmitting information between parties as a JSON object.
  • Secret key
    • TangoTrade’s implementation of JWT uses HS256 (HMAC with SHA-256) to generate the signature and the secret key used by this algorithm is in the server.

Regulatory Security

  • Partner licensing
    • All payment provider partners and integrated lenders maintain effective security policies and procedures, and hold required state and / or federal licenses

Human Security

  • Background checks
    • All TangoTrade employees undergo FBI background checks and must be approved by the California Department of Business Oversight
  • Compliance training
    • All employees are required to complete regular training on topics including anti-money laundering, regulatory compliance, and info-security policies and procedures