Security
Security & Data Protection.
How HEVEA Genius protects your account, payments, data, and the integrity of the fund’s published track record.
Track record integrity
Blockchain verification
The most important
security feature.
Every insight published by HEVEA Genius is cryptographically timestamped on the Bitcoin blockchain — before any market outcome is known.
SHA-256 hashing
The complete content of each insight is processed through SHA-256 hashing — entry, stop, target, direction, timestamp.
OP_RETURN on Bitcoin
The hash is embedded in a Bitcoin transaction via OP_RETURN and broadcast to the network. Permanent and immutable.
Public verification
The transaction ID is published alongside each insight. Anyone can verify independently on mempool.space.
Platform & account security
HTTPS everywhere
All connections use TLS 1.3. No unencrypted HTTP traffic on any platform endpoint.
Stripe payments
All payments processed by Stripe. HEVEA Genius never stores card numbers or banking data.
Passwords hashed
Account passwords are hashed using bcrypt. HEVEA Genius staff cannot see your password.
Session security
Sessions are token-based, expire automatically, and are invalidated on password change or logout.
API security (Institutional)
HMAC-SHA256 signatures
Every webhook delivery is signed with HMAC-SHA256 using your secret key. Verify on your end before processing.
API key management
API keys can be rotated or revoked at any time from your dashboard. Principle of least privilege enforced.
Client-side kill switch
Pause all signal delivery instantly without contacting support. Resume when ready — full control, always.
Security concerns or questions?
Contact our team directly. We take security reports seriously and respond within 24 hours.
Contact security team →