
Security

How we protect your broker credentials

Cognitosphere built Nerve with credential isolation, encryption at every layer, and read-only broker access—designed for institutional trust and Kite Connect OAuth review.

Security by design

Built for broker OAuth review and institutional due diligence. Every connection is authenticated, encrypted, and limited to read-only portfolio data.

  • Official Kite OAuth

    Broker authorisation uses Zerodha’s official Kite Connect login. Your Zerodha password is entered only on Zerodha’s website.

  • Read-only access

    Nerve requests portfolio read permissions only. We do not place orders, modify positions, or initiate withdrawals on your behalf.

  • Encrypted token storage

    Access tokens are encrypted with AES-256-GCM before storage. Plain-text broker credentials are never persisted.

  • You stay in control

    Disconnect Kite at any time from your dashboard. Revoke access from your Zerodha account settings as well.

Kite Connect OAuth flow

Broker connection uses the official Zerodha Kite Connect OAuth 2.0 authorisation flow. When you connect, you are redirected to Zerodha's login and consent screens. Cognitosphere never receives your Zerodha password, OTP, or PIN.

After you approve access, Zerodha redirects to our registered HTTPS callback endpoint:

Registered redirect URI

https://nerveqi.com/api/kite/callback

Token exchange completes entirely on the server. Request tokens and access tokens are never written to browser storage or exposed to client-side code.

Scope of broker access

Nerve uses Kite Connect for read-only portfolio operations: holdings, positions, and metadata required to display your dashboard and sync snapshots to authorised hardware.

  • No order placement, modification, or cancellation
  • No fund transfers or withdrawals
  • No storage of Zerodha login credentials
  • Devices receive portfolio snapshots—not broker tokens

Token encryption & storage

Kite access tokens are encrypted with AES-256-GCM using a dedicated server-side key before being stored in PostgreSQL. Each record uses a unique initialization vector and authentication tag. Decryption occurs only inside authenticated server processes during an authorised sync.
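The per-record scheme described above (fresh IV and authentication tag for every stored token), as an added example in Node.js; this is not Nerve's or Cognitosphere's code. The function names, the record field names, the demo key and the use of the user id as additional authenticated data are assumptions of this example.

```javascript
// Added example: per-record AES-256-GCM envelope for a stored access token.
const crypto = require('node:crypto');

// Constructed 32-byte key for the demo; a real key comes from a KMS or secret store.
const DEMO_KEY = crypto.randomBytes(32);

// Encrypt one token. userId is bound as AAD (an assumption of this example),
// so a ciphertext copied into another user's row fails authentication.
function encryptToken(key, token, userId) {
  if (key.length !== 32) throw new Error('AES-256 requires a 32-byte key');
  const iv = crypto.randomBytes(12); // fresh 96-bit IV for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId, 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte tag by default
  return {
    iv: iv.toString('base64'),
    tag: tag.toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt one record. Throws if key, IV, tag, ciphertext or userId do not match.
function decryptToken(key, record, userId) {
  const iv = Buffer.from(record.iv, 'base64');
  const tag = Buffer.from(record.tag, 'base64');
  // Reject short tags explicitly; GCM security depends on the full tag length.
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed record');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(tag);
  const ct = Buffer.from(record.ct, 'base64');
  // final() verifies the tag; no plaintext is returned if verification fails.
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
  return pt.toString('utf8');
}

// True when decryption of the record is refused (tampering, wrong key or wrong user).
function isRejected(key, record, userId) {
  try { decryptToken(key, record, userId); return false; } catch { return true; }
}
```

With a random 96-bit IV the same key must not be used for an unbounded number of records; rotating the storage key periodically keeps the IV collision probability negligible.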

Database access is restricted to application services. Row-level controls and authenticated API routes ensure each user accesses only their own portfolio and device records.

Authentication & sessions

User accounts use enterprise-grade identity management with secure session handling. All dashboard and API routes require a valid authenticated session. Connected devices use separate hardware-bound session tokens stored as one-way hashes.

All traffic is served over TLS. Session cookies use secure, HTTP-only attributes.

Data infrastructure

  • PostgreSQL — encrypted relational storage for profiles, broker connections, and portfolio snapshots
  • Application services — server-side API execution with no client-side token handling
  • Zerodha Kite Connect — broker OAuth and portfolio API, invoked only after your explicit consent

Your controls

Disconnect Kite from your dashboard at any time. Revoke third-party app access from your Zerodha account settings. Account deletion requests are handled per our Privacy Policy.

Responsible disclosure

Security researchers and broker compliance teams may report concerns to santhosh@hmct.in.


© 2026 Cognitosphere. All rights reserved. Hedge Matrix Capital Trust.
