Security

Your trading data security is our top priority. Learn how we protect your information.

Last updated: June 13, 2025

Our Commitment to Security

At Qwantify, we understand that your trading data is highly sensitive and valuable. We've implemented enterprise-grade security measures to ensure your information remains private, secure, and accessible only to you.

Data Encryption

Encryption in Transit

  • TLS 1.3: All data transmission uses the latest Transport Layer Security protocol
  • HTTPS Everywhere: Every connection to our platform is encrypted
  • Perfect Forward Secrecy: Each session uses unique encryption keys
  • Certificate Pinning: Protection against man-in-the-middle attacks

Encryption at Rest

  • AES-256: Industry-standard encryption for stored data
  • Database Encryption: All databases are encrypted with separate keys
  • File System Encryption: Server storage is fully encrypted
  • Key Management: Encryption keys are stored in dedicated hardware security modules

Infrastructure Security

Cloud Security

  • SOC 2 Type II Compliance: Independently audited security controls
  • ISO 27001 Certified: Information security management standards
  • PCI DSS Compliant: Payment card industry security standards
  • GDPR Compliant: European data protection regulations

Network Security

  • WAF Protection: Web Application Firewall blocks malicious traffic
  • DDoS Mitigation: Protection against distributed denial-of-service attacks
  • IP Allowlisting: Restrict access by IP address when requested
  • Rate Limiting: API rate limits prevent abuse and overload

Server Security

  • Hardened Systems: Minimal attack surface with unnecessary services disabled
  • Automatic Updates: Security patches applied immediately
  • Intrusion Detection: 24/7 monitoring for suspicious activity
  • Isolated Environments: Production systems isolated from development

Application Security

Secure Development

  • Secure Coding Standards: Following OWASP security guidelines
  • Code Reviews: Mandatory security reviews for all code changes
  • Static Analysis: Automated security scanning during development
  • Dependency Scanning: Regular checks for vulnerable third-party libraries

Runtime Protection

  • Input Validation: All user inputs are validated and sanitized
  • SQL Injection Prevention: Parameterized queries and ORM protection
  • XSS Protection: Content Security Policy and output encoding
  • CSRF Protection: Anti-forgery tokens on all state-changing operations

Access Control

User Authentication

  • Multi-Factor Authentication: Optional 2FA using TOTP or SMS
  • Strong Password Requirements: Enforced complexity and length
  • Password Hashing: bcrypt with high cost factors
  • Session Management: Secure session tokens with automatic expiration

Authorization

  • Role-Based Access: Granular permissions based on user roles
  • Principle of Least Privilege: Users access only what they need
  • API Key Management: Secure generation and rotation of API keys
  • Audit Trails: Complete logging of all access and modifications

Data Protection

Data Handling

  • Data Minimization: We collect only necessary information
  • Purpose Limitation: Data used only for stated purposes
  • Retention Policies: Automatic deletion after retention periods
  • Data Segregation: Customer data isolated and properly tagged

Backup and Recovery

  • Encrypted Backups: All backups encrypted with separate keys
  • Geographic Distribution: Backups stored in multiple regions
  • Recovery Testing: Regular disaster recovery drills
  • RTO/RPO: 4-hour recovery time objective (RTO), 1-hour maximum data loss (RPO)

Monitoring and Incident Response

Security Monitoring

  • 24/7 SOC: Security Operations Center monitoring
  • SIEM Integration: Real-time security event correlation
  • Anomaly Detection: AI-powered behavior analysis
  • Threat Intelligence: Integration with global threat feeds

Incident Response

  • Response Team: Dedicated security incident response team
  • Escalation Procedures: Clear protocols for different incident types
  • Customer Communication: Prompt notification of any security incidents
  • Post-Incident Analysis: Thorough investigation and improvement plans

Security Testing

Regular Assessments

  • Penetration Testing: Quarterly third-party security assessments
  • Vulnerability Scanning: Continuous automated security scans
  • Code Audits: Regular security-focused code reviews
  • Red Team Exercises: Simulated attack scenarios

Bug Bounty Program

We maintain a responsible disclosure program where security researchers can report vulnerabilities. All valid reports are acknowledged within 24 hours and resolved according to severity.

Trading Platform Security

Exchange Integration

  • Read-Only Access: We never request trading permissions
  • API Key Security: Encrypted storage of exchange credentials
  • IP Restrictions: We recommend IP allowlisting on exchange accounts
  • Minimal Permissions: We request only necessary API permissions

Data Security

  • Trade Data Encryption: All trading data encrypted separately
  • Anonymization Options: Remove personally identifiable information
  • Data Export Controls: Secure export with audit trails
  • Deletion Rights: Complete data removal upon request

Compliance and Certifications

  • SOC 2 Type II: Annual security and availability audits
  • ISO 27001: Information security management certification
  • PCI DSS Level 1: Payment card industry compliance
  • GDPR: European Union data protection compliance
  • CCPA: California Consumer Privacy Act compliance
  • FINRA Guidelines: Following financial industry best practices

Your Security Responsibilities

Account Security

  • Use strong, unique passwords for your Qwantify account
  • Enable multi-factor authentication (highly recommended)
  • Keep your contact information up to date
  • Report suspicious activity immediately
  • Log out from shared or public computers

Trading Account Security

  • Use read-only API keys when connecting exchanges
  • Enable IP allowlisting on your exchange accounts
  • Regularly rotate your API keys
  • Monitor your exchange accounts for unauthorized access
  • Keep your trading platform credentials secure

Security Contact

If you discover a security vulnerability or have security concerns, please contact our security team:

  • Security Email: info@qwantify.io
  • PGP Key: Available upon request
  • Response Time: Within 24 hours for security issues
  • Bug Bounty: Responsible disclosure program available

Security Updates

This security documentation is regularly updated to reflect our current security practices. For the latest security announcements and updates, please check our security blog or subscribe to our security notifications.