Security
Your capital is protected by multiple layers of security—from your broker and from us.
Even if CameronAI were hacked, your money is safe
API keys only allow trading—not withdrawals. Your funds are held by Alpaca, not us. The only way your money could be at risk is if Alpaca itself were compromised.
Alpaca Security
Your broker's regulatory protections
SEC Registered Broker-Dealer
Your funds are held by Alpaca Securities LLC—not CameronAI. Alpaca is regulated by the SEC and a member of FINRA (CRD #283493).
SIPC Insurance
Your account is insured up to $500,000 (including $250,000 for cash) against broker failure. This protects you if Alpaca goes bankrupt—not against market losses.
Trade-Only API Access
The API keys you provide can only place trades and view positions. They cannot withdraw funds, change banking details, or transfer money. Only you can move your money.
SEC
Regulated
FINRA
Member
SIPC
Insured
CameronAI Security
How we protect your credentials
AES-256 Encryption
Your API keys are encrypted with AES-256 before storage. All data in transit uses TLS 1.3. Keys are never stored in plain text.
Clerk Authentication
We use Clerk for secure authentication with rate limiting, bot protection, and suspicious login detection. Failed login attempts are tracked and blocked.
Full Trade Transparency
Every trade is visible in your Alpaca dashboard and ours. No hidden actions, no surprises.
Understanding API Keys
Think of API keys like a valet key—we can drive (trade), but can't access the trunk (withdrawals).
What API Keys CAN Do
- • Place buy and sell orders
- • View your positions
- • Check account balance
What API Keys CANNOT Do
- • Withdraw funds
- • Transfer money
- • Change banking details
You're always in control: Revoke your API keys anytime from your Alpaca dashboard. The moment you do, CameronAI loses all access immediately.