Security & Data
How Risk Radar handles your data, credentials, and account access.
Core Security Principles
- ✓ Read-only monitoring. Risk Radar cannot place, modify, or cancel orders.
- ✓ Your IBKR credentials never leave your machine. We never ask for, receive, or store your IBKR login.
- ✓ Agent runs locally. The monitoring agent runs on your machine, next to your IB Gateway or TWS.
- ✓ No trading signals. No predictions, no recommendations. Informational only.
- ✓ Dedicated monitor user. Risk Radar connects via a separate read-only IBKR user with no trading permissions.
Architecture
Risk Radar has two components: a local agent (runs on your machine) and a hosted backend (runs on our servers).
| Component | Location | What It Accesses |
|---|---|---|
| Agent | Your machine | IB Gateway API (localhost only), your .env config file |
| IB Gateway | Your machine | IBKR servers (your login session) |
| Backend | Hetzner EU (Germany) | Account snapshots and alerts sent by your agent |
| Dashboard | risk-radars.com | Backend API (read-only display) |
| Telegram | Your Telegram bot | Alert messages from your agent |
What Data Stays on Your Machine
- IBKR credentials — your username, password, and 2FA are never shared with us
- IB Gateway session — runs under your control, on your machine
- Agent configuration (
.env) — contains your Telegram token and backend auth credentials - Agent logs — stored locally
What Data Is Sent to Our Backend
The agent sends periodic snapshots to the hosted backend so the dashboard can display your account status and alert history:
| Data | Frequency | Contains |
|---|---|---|
| Account snapshot | Every 5 seconds | Net liquidation value, daily P&L, margin ratio, gross exposure, position count, position summary |
| Alert events | When rules trigger | Rule name, severity, current value, threshold, timestamp |
| Agent heartbeat | Every 60 seconds | Agent status (connected/disconnected) |
Backend Security
| Measure | Details |
|---|---|
| Hosting | Hetzner EU (Germany) — GDPR-compliant jurisdiction |
| Transport | HTTPS only (TLS 1.2+). All agent-to-backend communication is encrypted. |
| API access | Protected by Cloudflare Access. Each beta user receives a unique service token. |
| Dashboard access | Protected by Cloudflare Access with email-based OTP authentication. |
| Database | SQLite, stored on the server. Daily automated backups. |
| Token management | Per-user service tokens. Revocable at any time. |
Dedicated Monitor User
Risk Radar requires a dedicated IBKR monitor user — a separate login created specifically for monitoring. This user should have:
- Read-only permissions — no order placement capability
- Trading disabled — cannot execute trades even if instructed
- Access to account values, portfolio, and positions — needed for monitoring
Your normal trading login (TRADER_USER) is never used by Risk Radar. The monitor user runs in IB Gateway while you trade normally in TWS or the mobile app — no session conflicts.
IB Gateway API Settings
The agent connects to IB Gateway via the official TWS API on localhost. Recommended settings:
| Setting | Recommended Value |
|---|---|
| Enable ActiveX and Socket Clients | Checked ✅ |
| Socket port | 4001 (live) or 4002 (paper) |
| Read-Only API | Checked ✅ |
| Allow connections from localhost only | Checked ✅ |
| Master API client ID | Leave empty |
With Read-Only API enabled and localhost only checked, the agent cannot place orders and no external machine can connect — even if the software had a bug.
What Risk Radar Cannot Do
- Cannot place, modify, or cancel orders
- Cannot transfer funds
- Cannot change account settings
- Cannot access other IBKR accounts
- Cannot bypass IBKR 2FA
- Cannot act as a kill switch (no order cancellation capability)
Data Retention
| Data | Retention |
|---|---|
| Account snapshots | 90 days (beta), then configurable |
| Alert history | 90 days (beta), then configurable |
| Agent logs (local) | Your machine — your control |
Incident Response
If you suspect a security issue with Risk Radar:
- Stop the agent on your machine (
Ctrl+Cor stop the service) - Revoke the service token (contact the founder)
- Change your IBKR monitor user password (in IBKR Account Management)
The agent stops immediately when killed. No data is sent after the process stops.
Questions?
If you have security concerns or questions about how your data is handled, contact the founder directly. We take this seriously — monitoring tools must hold themselves to a higher standard than the systems they watch.