Security
Source files require a controlled intake path.
Trade Recovery Data does not request real import/export source files until the paid-screen scope, authorized contact, and secure intake route are confirmed.
Current controls
- Public site uses Cloudflare Pages with security headers.
- Email authentication records are staged and publicly visible: Google MX, SPF, DMARC, and DKIM TXT.
- External outreach remains blocked until internal SPF/DKIM/DMARC header evidence is recorded.
- Payment collection remains blocked until entity, processor, and intake path are approved.
File-handling rule
Do not send source files through open email before receiving an approved intake instruction. Initial fit checks should discuss only data availability, data owners, source systems, date ranges, and matching keys.
Security contact
Report file-handling or security concerns to channing@traderecoverydata.com.