12. 🛡️Security Considerations

The Kleber App follows essential security practices to protect user data and ensure secure communication with the InvestGlass backend. Below is a summary of how authentication, token handling, caching, and secure communication are implemented.

🔐 Token-Based Authentication

All API requests are authenticated using an access token
Token behavior:
- ⏱️ Expires after 15 minutes of inactivity
- 🕛 Invalidated automatically after 24 hours
If the token is expired or missing:
- The app receives a 401 Unauthorized response
- The user is redirected to the login/onboarding screen

🧾 Two-Factor Authentication (OTP)

The app supports OTP verification for enhanced login security
Relevant endpoints:
- /portal_auth/send_otp
- /portal_auth/verification_code
Used post-login for verification

📦 Caching Policy

Only non-sensitive data is cached:
- Selected theme (dark / light / system)
- Selected language
- Temporary file/image previews
On logout:
- All cached data is cleared
- Only theme and language settings are preserved

📡 Secure API Communication

All communication is encrypted via HTTPS
Base API endpoints:
- https://staging.investglass.com/client_portal_api/
- https://app.investglass.com/client_portal_api/
Used for login, documents, portfolios, transactions, etc.

🚫 Local Data Storage

No sensitive personal or financial data is stored on the device
Token and session data are short-lived and securely cleared
Local preferences are stored only when required (e.g., theme)

✅ Summary Table

Feature	Description
🔑 Access Token	Required for all API requests; expires after 15 min idle or 24h total
🧾 OTP	Two-factor authentication supported using verification endpoints
📦 Local Caching	Limited to UI preferences and temporary previews
🧹 Cache on Logout	Cleared on logout except for theme/language
🔒 HTTPS Communication	All API traffic is secured via HTTPS
❌ Local Financial Storage	No persistent storage of personal or financial data on device

Updated 4 days ago