AdviserCOT | Data Security

Current Security Infrastructure as at June 2025

Passwords

Passwords are never stored in their original form. They are hashed using the argon2 algorithm, so we can never know the correct password for your account. If your password has not been revealed to anyone, the only way to log in to your account is for you to recall your password, or for it to be reset.
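The storage discipline described above, shown as an added example rather than AdviserCOT's own code. The page says passwords are hashed with argon2; argon2 is not in the Python standard library, so this example uses hashlib.scrypt (also a salted, memory-hard key derivation function) as a clearly labelled stand-in. The record format, the UserStore class and the sample accounts are assumptions made for the example. What it shows is the same whichever algorithm is used: only a random salt, the cost parameters and the derived hash are stored, login is verified by recomputing the hash, and a reset replaces the record because the old password cannot be recovered from it.

```python
"""Password storage discipline: hash records only, never the password.

Added example, not AdviserCOT's code. The page says argon2; hashlib.scrypt
stands in here because argon2 is not in the Python standard library.
"""
import base64
import hashlib
import hmac
import os
from typing import Optional

# Cost parameters are stored inside every record so they can be raised later.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
DKLEN = 32


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, *, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$hash (base64)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${_b64(salt)}${_b64(digest)}"


def verify_password(record: str, candidate: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    scheme, n, r, p, salt_b64, hash_b64 = record.split("$")
    if scheme != "scrypt":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    actual = hashlib.scrypt(candidate.encode("utf-8"), salt=salt,
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    return hmac.compare_digest(actual, expected)


class UserStore:
    """Toy user table (assumed for the example): holds hash records only."""

    def __init__(self):
        self._records = {}

    def register(self, email: str, password: str) -> None:
        self._records[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        record = self._records.get(email)
        if record is None:
            # Unknown account: still run the KDF so response time does not
            # reveal whether the e-mail address exists.
            hash_password(password)
            return False
        return verify_password(record, password)

    def reset(self, email: str, new_password: str) -> None:
        # A reset overwrites the record; the old password is never recovered.
        self._records[email] = hash_password(new_password)

    def stored_record(self, email: str) -> str:
        """What an operator (or a database dump) would see for this account."""
        return self._records[email]


if __name__ == "__main__":
    store = UserStore()
    store.register("adviser@example.com", "correct horse battery staple")
    print(store.stored_record("adviser@example.com"))
    print(store.login("adviser@example.com", "correct horse battery staple"))
```

Because the salt is random, hashing the same password twice yields two different records, and neither one can be turned back into the password; the only operations the store supports are "does this candidate match" and "replace the record".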

Data location

We currently host all our data on Railway.com, which offers SOC 2 Type I compliance for all its services, and is aiming for SOC 2 Type II compliance. Railway claims to have worked with teams in government, healthcare and finance to ensure that their needs are met.

More information: https://docs.railway.com/maturity/compliance

Through the use of Railway, our application's web frontend servers, backend servers and database servers are all located within Singapore.

Our application's backend is served to you via Cloudflare, which protects our traffic from bots, denial-of-service attacks and other nefarious actors.

More information on Cloudflare: https://www.cloudflare.com/en-gb/learning/what-is-cloudflare/

Data encryption in transit

As we always use HTTPS, all data we send to you and all data that you send to us (provided you aren't using a compromised client/app) are sent in an encrypted form. This means that third parties would typically be unable to read the contents even if they intercepted the data.

However, to further ensure your security, please avoid using untrusted WiFi networks, and ensure as far as possible that you are not using a device with keyloggers or screenloggers installed. Keyloggers record what you type on your keyboard, and screenloggers record the contents of your screen, sometimes without your permission. If you intentionally use keyboard or screen recording features, ensure that they do not abuse their privileges and that recordings are not unintentionally leaked to third parties.

Planned security infrastructure

As we are dealing with highly confidential information, we plan to gradually improve our data security measures, especially for the aspects that we believe matter to you. Due to the nature of this application, this is important to us and we plan to roll out these features right after our core application features are done.

Data encryption at rest

We also plan to store all data in our database in encrypted form. Even though our database service is SOC 2 Type I compliant, we wish to further ensure that, in the highly unlikely scenario that data is taken out of the database without our permission, it is in an unreadable format.

Client data lockbox

We plan to store your clients' personally identifiable information (PII) in a digital lockbox that is even more secure than the rest of the backend application servers. We will implement additional authentication steps for accessing your clients' PII.
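The two planned measures above (encryption at rest and a separate client data lockbox) are shown together in one added example. It is not AdviserCOT's code; the page only says these features are planned, so the design here (AES-256-GCM for every stored field, a second key held only by the lockbox read path, and an extra authentication step before PII is released) is an assumption about how such a lockbox is commonly built. It uses the `cryptography` package, and the EncryptedStore class, field names and sample client records are constructed for the example. The record id and field name are bound into each ciphertext as associated data, so a ciphertext copied from one client's row into another's is rejected rather than decrypted.

```python
"""Encryption at rest plus a separate PII lockbox (added example).

Not AdviserCOT's code. Requires the third-party `cryptography` package.
"""
import os
from dataclasses import dataclass, field

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12


def seal(key: bytes, record_id: str, field_name: str, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext+tag. AAD ties the blob to its row and column."""
    nonce = os.urandom(NONCE_LEN)
    aad = f"{record_id}:{field_name}".encode()
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)


def unseal(key: bytes, record_id: str, field_name: str, blob: bytes) -> bytes:
    """Raises InvalidTag on a wrong key, a tampered blob or a moved blob."""
    aad = f"{record_id}:{field_name}".encode()
    return AESGCM(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], aad)


@dataclass
class EncryptedStore:
    """Assumed toy backend: `rows` stands in for the database tables."""
    general_key: bytes = field(default_factory=lambda: AESGCM.generate_key(bit_length=256))
    lockbox_key: bytes = field(default_factory=lambda: AESGCM.generate_key(bit_length=256))
    rows: dict = field(default_factory=dict)

    def write_client(self, client_id: str, notes: str, national_id: str) -> None:
        self.rows[client_id] = {
            # Ordinary data: encrypted at rest under the general key.
            "notes": seal(self.general_key, client_id, "notes", notes.encode()),
            # PII: encrypted under the lockbox key, never the general key.
            "national_id": seal(self.lockbox_key, client_id, "national_id", national_id.encode()),
        }

    def read_notes(self, client_id: str) -> str:
        blob = self.rows[client_id]["notes"]
        return unseal(self.general_key, client_id, "notes", blob).decode()

    def read_pii(self, client_id: str, step_up_passed: bool) -> str:
        """Lockbox read: refuses unless the additional authentication step passed."""
        if not step_up_passed:
            raise PermissionError("additional authentication required for lockbox access")
        blob = self.rows[client_id]["national_id"]
        return unseal(self.lockbox_key, client_id, "national_id", blob).decode()

    def general_key_can_read_pii(self, client_id: str) -> bool:
        """Check that a compromise of the general key alone does not expose PII."""
        try:
            unseal(self.general_key, client_id, "national_id", self.rows[client_id]["national_id"])
            return True
        except InvalidTag:
            return False

    def swap_detected(self, src_id: str, dst_id: str) -> bool:
        """Simulate moving src's PII blob into dst's row; the AAD mismatch must be caught."""
        blob = self.rows[src_id]["national_id"]
        try:
            unseal(self.lockbox_key, dst_id, "national_id", blob)
            return False
        except InvalidTag:
            return True


if __name__ == "__main__":
    store = EncryptedStore()
    store.write_client("client-1", "met for annual review", "SAMPLE-ID-000")  # constructed data
    print(store.rows["client-1"])            # only ciphertext is visible in the "database"
    print(store.read_pii("client-1", step_up_passed=True))
```

In a real deployment the lockbox key would live in a separate service or key management system rather than in the same process as the general key; the point the example makes is that a database copy, and even the general key, leave the PII fields unreadable, and that the lockbox path is the only one that can release them.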

Two-factor authentication

We plan to implement two-factor authentication for logging in to your account and for accessing data sealed in the planned client data lockbox.

Bug bounty program

Large security-focused companies pay a bounty to ethical hackers who report security vulnerabilities in their infrastructure. As data security is very important to us, we plan to start a bug bounty program as soon as funding permits.