1. Our Commitment to Your Security
At BazaarDiary, we understand that financial data is sensitive. We have engineered our entire platform around the principle of strict, unyielding data perimeter defense. We do not take your trust lightly.
2. Read-Only Broker Integration
When you sync BazaarDiary with your broker (Zerodha, Upstox, Groww, or Kotak Neo), you connect via official, read-only API systems.
- Zero Trading Power: BazaarDiary physically cannot place, modify, or cancel trades. Our systems do not have the permissions.
- Zero Fund Access: We cannot view or access your core bank accounts or initiate cash withdrawals.
- Encrypted Transport: All data transmitted between your broker and our servers relies on military-grade TLS 1.3 encryption.
3. Artificial Intelligence Safety
Our flagship AI Coach operates using OpenAI's enterprise models. Your data privacy is guaranteed at the architectural level:
- Zero Model Training: Any data sent for AI analysis is strictly quarantined and is never used to train public or global AI models.
- Anonymized Transport: We transmit your P&L constraints, strategy labels, and daily psychological journal notes, but all directly identifiable personal information (like your real name and email) is stripped at the edge before AI evaluation.
4. Secure Infrastructure
Our platform runs on state-of-the-art managed cloud infrastructure:
- Authentication: All user sessions are authenticated with strongly signed JSON Web Tokens (JWTs) tied to rigorous backend session mapping.
- DDoS Protection: Global rate-limiting prevents credential stuffing and brute-force scraping attacks on our API endpoints.
- Database Encryption: All sensitive keys and tokens are encrypted at rest using industry-standard AES.
5. Reporting Security Vulnerabilities
If you believe you have discovered a vulnerability in BazaarDiary, we encourage you to disclose it. We review all security inquiries thoroughly to ensure prompt remediation.
Please submit detailed vulnerability reports to our dedicated security contact directly via the Contact page.