Security & custody model

You keep custody. AlphaWeg places orders you approve. You sign in on your broker's own website, and your broker issues AlphaWeg a limited, revocable token — AlphaWeg never sees your password.

The connection model

Delegated authorization, not credential-sharing

AlphaWeg connects to your brokerage account using delegated authorization. You sign in on your broker's own website, and your broker issues AlphaWeg a limited-purpose access token. AlphaWeg never sees, stores, or transmits your brokerage username or password, and the access it receives is designed to request order-entry access; the exact scope of any token is granted and controlled by your broker, and is not intended to permit withdrawing, transferring, or moving your funds. Your funds and securities stay in your own brokerage account, in your name, the entire time — and you can revoke AlphaWeg's access whenever you choose.

What this guarantees

Six commitments, built into the design

Each of these reflects the design principles of delegated authorization.

Your password stays with you

You enter your brokerage credentials only on your broker's own site — AlphaWeg never sees, stores, or transmits your username or password.

No password stored

Order-entry access only

The token your broker issues to AlphaWeg is designed to request order-entry access; the exact scope of any token is granted and controlled by your broker, and is not intended to permit withdrawing, transferring, or moving your funds.

Scoped token

You keep custody of your assets

Your cash and securities remain in your own brokerage account, held in your name, at all times.

Custody stays with you

Every trade is yours to approve

AlphaWeg can prepare an order, but no order is placed without your manual, per-trade approval.

Human in the loop

Revoke anytime

You can end AlphaWeg's access whenever you choose — from AlphaWeg or directly from your broker — and access stops.

Revocable

Encrypted and least-privilege by design

All data moves over connections encrypted in transit (TLS), and AlphaWeg requests only the minimum permissions needed to do its job.

Encrypted transport

Why it matters

Why delegated authorization is safer than sharing a password

The difference is not a policy choice. It is a difference in what is technically possible for the software to do.

Sharing a brokerage password — or letting a third party hold your login credentials — gives that party the full range of actions your own login can perform, with no built-in limit and no clean way to cut off access short of changing your password.

Delegated authorization is built on a different principle. Instead of copying your credentials, your broker issues a separate, limited token that grants only the specific permissions you approve. Because that token is scoped and independently revocable, access can be narrow by design and switched off without disturbing your login.

This is the same least-privilege model that underlies modern "Sign in with…" and connected-app authorization across the software industry, applied here to trading.

In plain terms

AlphaWeg is software. Your broker is the custodian.

AlphaWeg is decision-support software that you drive. It is not a broker-dealer, an investment adviser, or a custodian of funds. Your brokerage account — including your cash, your securities, and the regulatory protections that come with them — stays with your own broker, which remains the regulated custodian of your assets. AlphaWeg holds only a scoped, revocable order-entry token that you control, and it never holds or moves your money.

Trading involves substantial risk of loss and is not suitable for every investor. To understand those risks in full, read our Risk Disclosure. To see the full connect-and-approve flow step by step, see How it works.