Security Policy
// Last updated: April 2026 · Good Omen Trading LLC
01 Overview
Good Omen Trading LLC operates two products: Good Omen (automated execution platform) and Good Omen Tools (tools.goodomentrading.com). This policy describes our security practices across both products.
02 Data Classification and Handling
Good Omen — sensitive data
OAuth access tokens, admin authentication tokens, and PostgreSQL credentials are classified as sensitive. Stored exclusively in Railway environment variables — never in source code, logs, or external storage.
Good Omen — user data
Brokerage account data (equity, positions, order history) is retrieved in real time and held only in memory during request processing. No brokerage account data is persisted beyond trade tracking (symbol, qty, entry/exit price, realized P&L).
Good Omen Tools — sensitive data
Clerk authentication tokens, Stripe payment metadata, and the admin secret are classified as sensitive. Stored in Cloudflare Worker environment variables — never in source code or logs.
Good Omen Tools — user data
Content submitted for analysis (Pine Script, backtest data) is transmitted to Anthropic's API for processing and is not retained after analysis is complete. Analysis results are stored in Cloudflare KV scoped to the authenticated user. Raw submitted content is never stored.
Data minimization
We collect only the data necessary to operate each product. No personally identifiable information beyond email address is stored.
03 Access Control and Privileged Access Management
Good Omen Tools — user authentication
Users authenticate via Clerk (email/password or Google OAuth). All authenticated API calls require a valid Clerk JWT. The admin console is additionally restricted to an allowlisted set of Clerk user IDs and requires a separately managed admin secret.
Good Omen — admin authentication
All administrative endpoints require a shared secret token transmitted via HTTPS header. Tokens are randomly generated and stored as Railway environment variables.
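The shared-secret header check described above, written out as an added example (this is not Good Omen's own code; the environment variable name, header name and token length are assumptions, since the policy only states that the token is random and lives in a Railway environment variable). The point a practitioner would want to see is that the token is read from the environment rather than source, that the service fails closed when the token is missing, and that the comparison is constant-time so the check does not leak the secret through timing.

```python
import hmac
import os
import secrets

# Assumed names: the policy does not say what the variable or header is called.
ADMIN_TOKEN_ENV = "ADMIN_API_TOKEN"
ADMIN_HEADER = "X-Admin-Token"
MIN_TOKEN_LEN = 32


def generate_admin_token() -> str:
    """Produce a random admin token (256 bits, URL-safe) for the env var."""
    return secrets.token_urlsafe(32)


def load_admin_token(env=os.environ) -> str:
    """Read the admin token from the environment; refuse to start without one.

    Failing closed here matters: an empty or unset secret must never turn into
    an admin endpoint that accepts an empty header.
    """
    token = env.get(ADMIN_TOKEN_ENV, "")
    if len(token) < MIN_TOKEN_LEN:
        raise RuntimeError(f"{ADMIN_TOKEN_ENV} is missing or too short")
    return token


def check_admin_auth(headers: dict, expected_token: str) -> tuple[bool, str]:
    """Return (ok, reason). The reason is intended for the failure alerting
    the policy describes, not for the HTTP response body."""
    presented = None
    for name, value in headers.items():  # header names are case-insensitive
        if name.lower() == ADMIN_HEADER.lower():
            presented = value
            break
    if presented is None:
        return False, "admin token header absent"
    # hmac.compare_digest runs in time independent of where the strings differ.
    if hmac.compare_digest(presented.encode("utf-8"), expected_token.encode("utf-8")):
        return True, "ok"
    return False, "admin token mismatch"


if __name__ == "__main__":
    # Constructed demo environment and request; a real deployment reads os.environ.
    demo_env = {ADMIN_TOKEN_ENV: generate_admin_token()}
    token = load_admin_token(demo_env)
    print(check_admin_auth({"x-admin-token": token}, token))
    print(check_admin_auth({"X-Admin-Token": "wrong"}, token))
    print(check_admin_auth({}, token))
```

On failure the caller should return a generic 401/403 and send the reason string to the alert channel; echoing it to the client would tell an unauthenticated caller which check failed.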
Production access
Railway services are accessible only to authorized founders via Railway CLI with two-factor authentication. No shared credentials. Access is revoked immediately upon any personnel change.
Principle of least privilege
OAuth tokens are scoped to the minimum permissions required (the account:write and trading scopes). No administrative brokerage permissions are requested.
04 Encryption of Data at Rest and in Transit
Data in transit
All client communication is encrypted via TLS 1.2+ enforced by Railway (Good Omen) and Cloudflare (Good Omen Tools). Alpaca and Anthropic API communication uses HTTPS exclusively.
Data at rest — Good Omen
PostgreSQL data is encrypted at rest by Railway's managed database service.
Data at rest — Good Omen Tools
Analysis results and Edge balances are stored in Cloudflare KV, encrypted at rest by Cloudflare.
Secrets management
No secrets are stored in source code or version control. Good Omen credentials are managed via Railway environment variables. Good Omen Tools credentials are managed via Cloudflare Worker environment variables.
05 Vulnerability Management and Patch Management
Python dependencies (Good Omen) are managed via pip with pinned versions and reviewed before each release. Good Omen Tools has no client-side build step — SDK versions are pinned explicitly. GitHub Dependabot alerts are monitored. Railway and Cloudflare manage underlying infrastructure and apply security patches automatically. All code changes are reviewed before deployment. GitHub branch protection requires review before merging to main.
06 Incident Response and Disaster Recovery
Incident detection
Good Omen posts real-time alerts to a private Discord channel for all system events including broker disconnections, circuit breaker trips, and authentication failures. Uptime monitoring alerts founders within 60 seconds of service downtime.
Incident response
In the event of a security incident:
- Kill switch enabled immediately to halt all trading.
- Affected credentials rotated within 1 hour.
- Impacted users notified within 24 hours.
- Root cause analysis documented.
Disaster recovery
Railway provides automated PostgreSQL backups with point-in-time recovery. Target RTO: 4 hours. RPO: 24 hours.
07 Physical Security
All production infrastructure is cloud-hosted on Railway (AWS-backed) and Cloudflare. Physical security is managed by Railway/AWS and Cloudflare in accordance with their respective SOC 2 Type II certifications. Founder workstations use full-disk encryption (FileVault on macOS). Screens are locked when unattended. Production credentials are not stored on local workstations.
08 Vendor Risk Management
- Railway — SOC 2 Type II. Hosts Good Omen execution platform. Manages infrastructure, OS patching, and PostgreSQL encryption.
- Cloudflare — SOC 2 Type II. Hosts Good Omen Tools serverless API and KV storage. Manages DDoS protection and TLS termination.
- Clerk — SOC 2 Type II. Manages user identity, session tokens, and Google OAuth for Good Omen Tools.
- Alpaca Securities LLC — FINRA/SIPC member broker-dealer. Provides brokerage API and OAuth infrastructure for Good Omen.
- Anthropic — AI analysis engine for Good Omen Tools. Submitted content is transmitted transiently for processing. No personally identifiable information is included in API calls.
- Stripe — PCI DSS Level 1. Processes Edge pack purchases for Good Omen Tools. No card data is handled by Good Omen Trading LLC.
- Vercel — Hosts static files for both products. No user data or credentials are processed by Vercel.
09 Business Continuity
Good Omen runs on Railway's always-on infrastructure with automatic restart on failure. The retry queue preserves unexecuted signals during brief outages. Good Omen Tools runs on Cloudflare Workers with global redundancy. Both founders are trained on all operational procedures. The Emergency Runbook documents all critical procedures.
10 Contact
Security questions or disclosures? Contact us at ethan@goodomentrading.com.