Security and privacy

BrokerBridge runs entirely on your machine. Your trading data, credentials, and broker connection never pass through our servers.

Local-only architecture

BrokerBridge runs a FastAPI server on localhost:8080 that only accepts local connections. The only outbound network calls are:

  • AI provider APIs for trade decision generation
  • Stripe API for license validation (periodic, lightweight)
  • IB Gateway on localhost for broker operations

Key point: Your portfolio data, trade history, and personal information never leave your machine. No telemetry, no analytics, no cloud backend.

Credential encryption

Encryption algorithm

Fernet (AES-128-CBC with HMAC-SHA256) from the pyCA cryptography library.

Key derivation

PBKDF2-HMAC-SHA256 with 480,000 iterations. Keys derived from your machine fingerprint.

Storage

Encrypted credentials stored in system keyring (macOS Keychain, Windows Credential Manager, or Linux Secret Service).

Machine fingerprint binding

  • Credentials cannot be decrypted on a different machine
  • License is tied to one installation at a time
  • Switch machines by re-entering credentials; license auto-rebinds

What data is sent to AI providers

Sent

  • • Symbol and direction
  • • Price bars (OHLCV data)
  • • Signal scores and evidence
  • • Anonymized portfolio risk metrics

Never sent

  • • Your IBKR account ID
  • • Your personal information
  • • Your full portfolio holdings
  • • Your account balance
  • • Any credentials or API keys

Software distribution and IP

BrokerBridge Broker Bridge is installed on your computer. Anything that runs locally can be inspected by a motivated user -- that is true for any Python (or compiled) desktop app. There is no magic "encryption" that lets the program run while hiding all logic from the machine owner.

What we do provide

  • TLS (HTTPS) for the website and any download links we host, so bits are not sent in cleartext over the internet.
  • Subscription gating via Stripe -- only paying customers get support and documented install paths tied to their account.
  • No secrets in the wheel -- API keys and broker credentials stay in your local env, not baked into packages.

How companies usually protect client-side IP

  • License & terms -- copyright, subscription agreement, and enforcement against redistribution.
  • Keep the crown jewels server-side -- not applicable to a fully local trading desk; anything shipped in the installer can be studied.
  • Optional obfuscation -- tools like PyArmor, Nuitka, or Cython raise the cost of copying; they deter casual ripping, not a skilled reverse engineer.

Bottom line: treat legal protection and subscription value as the primary defense; treat optional obfuscation as a speed bump, not encryption that blocks all analysis.

Security middleware

Security headers

X-Content-Type-Options, X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy, HSTS.

Rate limiting

100 requests per 60 seconds per IP. Returns 429 with Retry-After header.

License validation

Every API request checked against license status. Invalid licenses return 403.

Admin authentication

Admin routes require Bearer token via BROKERBRIDGE_ADMIN_TOKEN env var.

← Plugin SystemTroubleshooting →