End-to-end encryption
User-to-user chat messages are encrypted using Signal Protocol or equivalent. We cannot read message content. Only metadata (timestamps, delivery state) is visible to us.
Account security is non-negotiable. Here's how we authenticate users, protect transactions, and respond to incidents.
TRADICOMM uses your phone number as the primary authentication identifier. This is deliberate: phone numbers are the trusted identity anchor for mobile users worldwide, and carrier-verified SMS delivery provides a strong second factor without requiring a password manager or authenticator app.
On first sign-in and for security-sensitive actions, we verify your identity via SMS one-time password (OTP). Once you have established a trusted device, you may enable biometric authentication (Face ID, Touch ID, or Android Biometric) as a fast step-up for repeat sign-in.
Regulator note
TRADICOMM uses SMS exclusively for security-critical authentication actions listed below. We never include promotional or marketing content in SMS messages.
Account registration
Confirms you own the phone number you are registering with before the account is created.
Login verification
Confirms it is really you signing in โ especially on a new device or after a period of inactivity.
Password / PIN reset
Confirms you control the registered phone number before any credentials are reset.
Sensitive account changes
Required when changing your registered phone number, email address, linked payout account, or core business details.
Payment / payout authorization
Confirms you authorized a high-value transaction or a new payout destination before funds move.
Suspicious-activity confirmation
If our fraud-detection engine flags an unusual sign-in attempt, we ask you to confirm via OTP before granting access.
User-to-user chat messages are encrypted using Signal Protocol or equivalent. We cannot read message content. Only metadata (timestamps, delivery state) is visible to us.
All communication between the TRADICOMM client and our servers is encrypted in transit using TLS 1.3.
Sensitive fields (payment details, KYC data, authentication credentials) are encrypted at rest in our infrastructure.
Every login and transaction is scored by our fraud-detection system. Anomalies trigger additional verification or account-safety measures.
Trusted devices are tracked so that sign-in from an unrecognized device always triggers fresh OTP verification.
For high-value actions on trusted devices, Face ID / Touch ID / Android Biometric provides a fast, phishing-resistant second factor.
If you discover a security vulnerability in the TRADICOMM platform, website, or mobile application, please disclose it responsibly. We prefer PGP-encrypted email where possible.
Email: security@tradicomm.com โ PGP key available on request.
We respond to critical reports within 24 hours and operate a coordinated disclosure policy: we ask that you give us reasonable time to investigate and remediate before publishing details publicly.