Security & custody model
You keep custody. AlphaWeg places orders you approve. You sign in on your broker's own website, and your broker issues AlphaWeg a limited, revocable token — AlphaWeg never sees your password.
The connection model
Delegated authorization, not credential-sharing
AlphaWeg connects to your brokerage account using delegated authorization. You sign in on your broker's own website, and your broker issues AlphaWeg a limited-purpose access token. AlphaWeg never sees, stores, or transmits your brokerage username or password, and the access it receives is designed to request order-entry access; the exact scope of any token is granted and controlled by your broker, and is not intended to permit withdrawing, transferring, or moving your funds. Your funds and securities stay in your own brokerage account, in your name, the entire time — and you can revoke AlphaWeg's access whenever you choose.
What this guarantees
Six commitments, built into the design
Each of these reflects the design principles of delegated authorization.
Your password stays with you
You enter your brokerage credentials only on your broker's own site — AlphaWeg never sees, stores, or transmits your username or password.
No password storedOrder-entry access only
The token your broker issues to AlphaWeg is designed to request order-entry access; the exact scope of any token is granted and controlled by your broker, and is not intended to permit withdrawing, transferring, or moving your funds.
Scoped tokenYou keep custody of your assets
Your cash and securities remain in your own brokerage account, held in your name, at all times.
Custody stays with youEvery trade is yours to approve
AlphaWeg can prepare an order, but no order is placed without your manual, per-trade approval.
Human in the loopRevoke anytime
You can end AlphaWeg's access whenever you choose — from AlphaWeg or directly from your broker — and access stops.
RevocableEncrypted and least-privilege by design
All data moves over connections encrypted in transit (TLS), and AlphaWeg requests only the minimum permissions needed to do its job.
Encrypted transportWhy it matters
Why delegated authorization is safer than sharing a password
The difference is not a policy choice. It is a difference in what is technically possible for the software to do.
Sharing a brokerage password — or letting a third party hold your login credentials — gives that party the full range of actions your own login can perform, with no built-in limit and no clean way to cut off access short of changing your password.
Delegated authorization is built on a different principle. Instead of copying your credentials, your broker issues a separate, limited token that grants only the specific permissions you approve. Because that token is scoped and independently revocable, access can be narrow by design and switched off without disturbing your login.
This is the same least-privilege model that underlies modern "Sign in with…" and connected-app authorization across the software industry, applied here to trading.
In plain terms
AlphaWeg is software. Your broker is the custodian.
AlphaWeg is decision-support software that you drive. It is not a broker-dealer, an investment adviser, or a custodian of funds. Your brokerage account — including your cash, your securities, and the regulatory protections that come with them — stays with your own broker, which remains the regulated custodian of your assets. AlphaWeg holds only a scoped, revocable order-entry token that you control, and it never holds or moves your money.
Trading involves substantial risk of loss and is not suitable for every investor. To understand those risks in full, read our Risk Disclosure. To see the full connect-and-approve flow step by step, see How it works.