Security and privacy

BrokerBridge is local-first: your trade data, journal, and positions stay on your machine. A small number of external connections are made for AI inference, beta access validation, and optional telemetry.

Local-first architecture

BrokerBridge runs a FastAPI server on localhost:8400 that only accepts local connections. External network calls are limited to the following:

  • AI provider APIs for trade decision generation (Claude, OpenAI, etc.)
  • brokerbridge.tech entitlement API for beta access validation (periodic, lightweight)
  • IB Gateway on localhost for broker operations
  • Optional telemetry (off by default; chat content requires a separate explicit opt-in)

Key point: Your trading data (proposals, journal, positions) stays local. AI provider API calls and optional telemetry connect to external services. Enable telemetry by setting BROKERBRIDGE_TELEMETRY_ENABLED=1; raw chat content stays redacted unless BROKERBRIDGE_TELEMETRY_INCLUDE_CONTENT=1 is also set.

Credential encryption

Encryption algorithm

Fernet (AES-128-CBC with HMAC-SHA256) from the pyCA cryptography library.

Key derivation

PBKDF2-HMAC-SHA256 with 480,000 iterations. Keys derived from your machine fingerprint.

Storage

Encrypted credentials stored in system keyring (macOS Keychain, Windows Credential Manager, or Linux Secret Service).

Machine fingerprint binding

  • Credentials cannot be decrypted on a different machine
  • License is tied to one installation at a time
  • Switch machines by re-entering credentials; license auto-rebinds

What data is sent to AI providers

Sent

  • • Symbol and direction
  • • Price bars (OHLCV data)
  • • Signal scores and evidence
  • • Anonymized portfolio risk metrics

Never sent

  • • Your IBKR account ID
  • • Your personal information
  • • Your full portfolio holdings
  • • Your account balance
  • • Any credentials or API keys

Software distribution and IP

BrokerBridge Broker Bridge is installed on yourcomputer. Anything that runs locally can be inspected by a motivated user -- that is true for any Python (or compiled) desktop app. There is no magic "encryption" that lets the program run while hiding all logic from the machine owner.

What we do provide

  • TLS (HTTPS) for the website and any download links we host, so bits are not sent in cleartext over the internet.
  • Beta access gating via YMI Pro invite activation -- only eligible members get support and documented install paths tied to their account.
  • No secrets in the wheel -- API keys and broker credentials stay in your local env, not baked into packages.

How companies usually protect client-side IP

  • License & terms -- copyright, member agreement, and enforcement against redistribution.
  • Keep the crown jewels server-side -- not applicable to a fully local trading desk; anything shipped in the installer can be studied.
  • Optional obfuscation -- tools like PyArmor, Nuitka, or Cython raise the cost of copying; they deter casual ripping, not a skilled reverse engineer.

Bottom line: treat legal protection and member value as the primary defense; treat optional obfuscation as a speed bump, not encryption that blocks all analysis.

Security middleware

Security headers

X-Content-Type-Options, X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy, HSTS.

Rate limiting

100 requests per 60 seconds per IP. Returns 429 with Retry-After header.

License validation

Every API request checked against license status. Invalid licenses return 403.

Admin authentication

Admin routes require Bearer token via BROKERBRIDGE_ADMIN_TOKEN env var.

← Plugin SystemTroubleshooting →