Advantage Portfolio Hub

Security

Portfolio Hub handles sensitive financial data, so security is built into the product rather than bolted on. This page explains the measures we take. If you have a security question or want to report a vulnerability, email Contact Us.

Accounts and access

Passwords are never stored in plain text. They are hashed with bcrypt, a slow, industry-standard algorithm designed to resist brute-force attacks. We enforce email verification on new accounts and support two-factor authentication (2FA) using one-time codes, so a stolen password alone is not enough to access an account.

Portfolio Hub is multi-user with role-based access. Each user sees only the accounts and clients they are authorized to view, and administrators control who can access what.

Session and application security

Sessions use secure, HttpOnly cookies with the Same Site attribute set to limit cross-site exposure. Forms are protected against cross-site request forgery (CSRF) using per-request tokens. The application is served over HTTPS, so data in transit is encrypted.

We follow standard practices to guard against common web vulnerabilities, including parameterized database queries to prevent SQL injection and output escaping to prevent cross-site scripting.

Data and hosting

Application data is stored in a MySQL database on managed hosting. Transactional and notification email is sent through SendGrid. We keep the underlying platform and dependencies patched, and we take regular database backups so data can be restored if something goes wrong.

Account alerts

Portfolio Hub sends security alerts for sensitive activity such as sign-ins and password changes. If you receive an alert for something you did not do, change your password immediately and contact us. You can manage which alerts you receive in your profile.

Responsible disclosure

If you believe you have found a security vulnerability, please report it to support@advantageportfoliohub.com before disclosing it publicly. We will investigate promptly and work with you on a fix. We appreciate reports made in good faith and will not pursue action against researchers who follow responsible disclosure.

No absolute guarantees

We work hard to protect your data, but no system is perfectly secure. We cannot guarantee that unauthorized access will never occur. Use a strong, unique password, enable two-factor authentication, and keep your login credentials confidential.

Scroll to Top