Safety
Learn how we protect your data and ensure security in Monkeys Finance.
Introduction
When we started building Monkeys Finance, we established a fundamental principle: security and user privacy would never be compromised. Our platform is designed with a defense-in-depth architecture, using industry-leading third-party services and encryption standards to protect your data at every layer.
We partnered with trusted industry leaders—Stripe for payments, Neon for database infrastructure, and Clerk for authentication—to ensure that your sensitive information is handled by specialists who dedicate their entire business to security. In the following sections, we'll detail how each component contributes to keeping your data safe.
Payment Security with Stripe
Monkeys Finance uses Stripe as our payment processor, a globally trusted platform that handles billions of dollars in transactions annually for companies like Amazon, Google, and Shopify.
We never see or store your payment information. When you add a payment method, your card details are sent directly to Stripe's secure servers using industry-standard encryption. Monkeys Finance only receives a secure token that allows us to process payments without ever accessing your actual card numbers or banking information.
Stripe's security credentials include:
- PCI DSS Level 1 certification—the highest level of payment security compliance
- End-to-end encryption for all payment data
- Advanced fraud detection using machine learning
- 24/7 monitoring and threat detection
- SOC 1 and SOC 2 Type II certified
By delegating payment processing to Stripe, we ensure that your financial data is protected by a company that invests hundreds of millions of dollars annually in security infrastructure. This means you benefit from bank-level security without us ever handling sensitive payment information.
Database Security with Neon
All Monkeys Finance data is stored in Neon, a serverless Postgres platform built specifically for modern cloud applications with security as a top priority.
Neon provides enterprise-grade database security through:
- Encryption at rest—all data stored in the database is encrypted using AES-256 encryption
- Encryption in transit—all connections use TLS 1.2+ to prevent interception
- Isolated compute—each database runs in its own isolated environment
- Automatic backups—point-in-time recovery ensures data durability
- VPC isolation—network-level security prevents unauthorized access
- SOC 2 Type II compliance—independently audited security controls
Neon's serverless architecture also means that your data is automatically scaled and distributed across multiple availability zones, protecting against hardware failures and ensuring high availability. Unlike traditional database setups, Neon separates storage from compute, which means your data is replicated and protected even if compute resources are temporarily unavailable.
API Key Encryption
When you connect your exchange API keys to Monkeys Finance for automated trading, protecting these credentials is our highest priority. We implement multi-layer encryption to ensure your API keys remain secure.
Our API key protection strategy includes:
- Client-side encryption—keys are encrypted in your browser before transmission
- AES-256-GCM encryption—industry-standard symmetric encryption for stored keys
- Unique encryption keys per user—derived using secure key derivation functions
- Encrypted at rest—keys are never stored in plain text in our database
- Encrypted in transit—all API communications use HTTPS/TLS
- Zero-knowledge architecture—keys are only decrypted when needed for trading operations
We also strongly recommend that users configure their exchange API keys with trading-only permissions and with withdrawals disabled. This means that even in the extremely unlikely event of a breach, your funds cannot be withdrawn from your exchange account. Monkeys Finance only requires permissions to execute trades, check balances, and view order history.
Additionally, all API keys are encrypted with keys that are stored separately from the database, in AWS Secrets Manager, so that database-level access alone would not expose your credentials.
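The stored-key part of this scheme (a per-user key derived from a separately held master key, then AES-256-GCM) can be sketched as follows. This is an added example, not Monkeys Finance's own code. Assumptions: HKDF-SHA256 as the key derivation function, the `exchange-api-key:v1:` label, the `iv || tag || ciphertext` record layout, the user id as additional authenticated data, and a locally generated stand-in for the master key that would come from the secrets manager.

```javascript
// Added example: per-user key derivation + AES-256-GCM for stored exchange API keys.
const nodeCrypto = require('node:crypto');

// Assumption: in production this 32-byte master key is fetched from a secrets
// manager at runtime; here it is generated locally so the example runs offline.
const MASTER_KEY = nodeCrypto.randomBytes(32);

// Derive a distinct 256-bit key per user with HKDF-SHA256 (label is hypothetical).
function deriveUserKey(masterKey, userId) {
  const info = Buffer.from(`exchange-api-key:v1:${userId}`, 'utf8');
  return Buffer.from(nodeCrypto.hkdfSync('sha256', masterKey, Buffer.alloc(0), info, 32));
}

// Returns base64(iv || tag || ciphertext), the value that would go in the database.
function encryptApiKey(masterKey, userId, apiKey) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const key = deriveUserKey(masterKey, userId);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId, 'utf8')); // bind the record to its owner
  const ct = Buffer.concat([cipher.update(apiKey, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the record was modified or is decrypted on behalf of another user.
function decryptApiKey(masterKey, userId, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) throw new Error('record too short');
  const iv = raw.subarray(0, 12), tag = raw.subarray(12, 28), ct = raw.subarray(28);
  const key = deriveUserKey(masterKey, userId);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Helper for checks: true when decryption is rejected.
function isRejected(masterKey, userId, stored) {
  try { decryptApiKey(masterKey, userId, stored); return false; } catch { return true; }
}

// Constructed sample values, not real credentials.
const record = encryptApiKey(MASTER_KEY, 'user_123', 'EXAMPLE-EXCHANGE-SECRET');
console.log(decryptApiKey(MASTER_KEY, 'user_123', record));
console.log(isRejected(MASTER_KEY, 'user_456', record));
```

Because the GCM tag covers both the ciphertext and the user id, a row copied onto another account or altered in the database fails to decrypt instead of yielding a usable key.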
Authentication with Clerk
Monkeys Finance uses Clerk for user authentication and identity management, providing enterprise-grade security that far exceeds what custom authentication systems can offer.
Why Clerk over custom authentication? Building secure authentication is notoriously difficult. Common vulnerabilities include session hijacking, credential stuffing, timing attacks, and improper password storage. Clerk is built by security experts who dedicate their entire platform to solving these challenges.
Clerk provides Monkeys Finance users with:
- Multi-factor authentication (MFA)—add an extra layer of protection with TOTP apps or SMS
- Passwordless authentication—sign in securely with email magic links or social providers
- Secure password hashing—bcrypt with individual salts for every password
- Brute force protection—automatic rate limiting and account lockouts
- Session management—secure, short-lived tokens with automatic rotation
- Device fingerprinting—detect and flag suspicious login attempts
- SOC 2 Type II compliance—independently verified security practices
- GDPR and CCPA compliant—your data privacy rights are protected
Clerk also provides advanced security features like anomaly detection, which can identify unusual login patterns (such as logins from new locations or devices) and prompt for additional verification. This helps protect your account even if your password is compromised.
By using Clerk, we ensure that your account is protected by constantly updated security measures that adapt to emerging threats. Their dedicated security team monitors for vulnerabilities 24/7 and implements patches immediately, providing a level of security that would be impossible for us to maintain with a custom system.
⚠️ Disclaimer: Trading cryptocurrencies involves significant risk of loss. Past performance does not guarantee future results. Always do your own research before making investment decisions.