On this page
Security
- Effective
- April 18, 2026
- Last updated
- April 18, 2026
Hydra Solutions builds institutional-grade fintech infrastructure. Security is foundational to how we design, ship, and operate the Services.
1. Our approach
Defense in depth, least-privilege access, and monitoring. We are an early-stage team and build with security in mind from the start rather than bolting it on later.
2. Infrastructure
The site and product run on Vercel. Our database and authentication run on Supabase, with row-level security on tenant-scoped data so one user's data is not accessible to another. All traffic to gethydrasolutions.com and product subdomains is served over TLS 1.2 or higher. Data at rest is encrypted using AES-256 by our providers.
3. Authentication and access
User authentication runs through Supabase Auth with password login and support for SSO. Internal access to production systems is restricted to the people who need it, protected with multi-factor authentication, and reviewed regularly. We do not share credentials.
4. Data handling
Your content — saved research, Community posts, paper-trading records, and treasury data — is isolated per user. We do not use your personal content to train third-party foundation models. Third-party LLM providers we use are contractually prohibited from training on your inputs. Backups are encrypted and rotate on a 30-day cycle. When you close your account, your data is removed from primary systems within 90 days; it expires from backups on the normal rotation after that.
5. Application security
Code changes go through review. We run dependency and secret scanning on our repository. We are an early-stage team: we have not yet completed a formal third-party penetration test or achieved SOC 2 attestation. Building toward both is on the roadmap.
6. Monitoring and incident response
We log and alert on authentication events and privileged operations. We have a documented incident response process. If a security incident affects your personal information, we will notify you without undue delay and as required by law.
7. Your part
Use a strong, unique password. Enable multi-factor authentication when it is available on your account. Never share your credentials. Hydra Solutions will never ask for your password. If something looks wrong, email contact@gethydrasolutions.com.
8. Reporting a vulnerability
If you find a security issue, email contact@gethydrasolutions.com with details and steps to reproduce. Please do not publicly disclose it before we have had a reasonable chance to fix it. We will acknowledge receipt within three business days and keep you updated. We will not pursue legal action against researchers acting in good faith under this policy.