Your Trade Documents Are Sensitive. We Treat Them That Way.
Tradevynt handles confidential commercial invoices, bill of lading data, and buyer financial information. Our security programme is designed around this responsibility — not as a checkbox.
How We Protect Your Data
Encryption in Transit and at Rest
All data transmitted between your browser or ERP and the Tradevynt platform is encrypted using TLS 1.3. Document files and transaction records are encrypted at rest using AES-256. Encryption keys are managed using a dedicated key management service with key rotation.
Role-Based Access Controls
Access to your account data is restricted by role. Tradevynt staff can only access the data necessary for their function — document verification analysts cannot access payment account details; credit analysts cannot access documents beyond what their scoring model requires. Enforced at the API level.
Document Handling Controls
Uploaded trade documents are stored in isolated containers with access logging. Documents used for verification are retained for the period required by applicable law; documents beyond retention periods are deleted. You control document deletion requests via your dashboard.
Audit Logging
Every action in your account — document upload, advance acceptance, disbursement, team member login — is logged with timestamp, actor, and IP address. Audit logs are immutable and retained for 7 years to support compliance with financial regulations.
Infrastructure and Data Residency
Tradevynt's infrastructure is hosted on cloud providers with data centres in the EU (Frankfurt) and US East (Virginia). EU client data is processed primarily within EU data centres to support GDPR obligations. Disaster recovery includes regular encrypted backups tested quarterly.
Authentication and Session Control
Multi-factor authentication is required for all Tradevynt accounts. Session tokens expire after 8 hours of inactivity. Force-logout is available from the dashboard if you suspect unauthorised access. Account activity alerts are sent by email for logins from new devices or locations.
How We Use Sub-Processors
We use a limited set of vetted third-party services to operate the platform. Each is subject to data processing agreements.
| Service category | Purpose | Data shared |
|---|---|---|
| Cloud hosting | Infrastructure, storage | All platform data (encrypted) |
| SWIFT connectivity | Payment disbursements | Bank account, payment amount |
| Email delivery | Transaction notifications | Email address, notification content |
| Carrier data API | B/L verification | B/L reference, carrier, vessel data |
| Company registry API | Buyer scoring | Buyer company identifier (no personal data) |
Full sub-processor list is available on request. To request disclosure under applicable privacy law, contact [email protected].
Responsible Disclosure
If you discover a security vulnerability in the Tradevynt platform, please report it responsibly. We investigate all reports and respond within 5 business days.