QuantvexQuantvex/ Security
Security

Your money and data are protected by design.

We built Quantvex with a security-first architecture. Here's exactly what we do to keep your account, credentials, and trading activity safe.

🚫We cannot withdraw your funds
πŸ”’Credentials encrypted at rest
πŸ‘οΈWe never see your password
πŸ“ŠFull audit log of all actions

Security practices

πŸ”

End-to-End Encryption

All data in transit is encrypted with TLS 1.3. Broker API credentials stored at rest use AES-256 encryption. Encryption keys are rotated automatically.

πŸ›‘οΈ

Zero-Knowledge Credentials

We never see your broker account password. Your MetaAPI token is stored encrypted and used only by the execution engine β€” it cannot be retrieved in plaintext by any Quantvex employee.

πŸ”‘

Multi-Factor Authentication

Account authentication is handled by Clerk, a SOC 2 Type II certified identity provider supporting MFA via authenticator apps and SMS.

πŸ“‹

Audit Logging

Every API action, trade instruction, and admin operation is logged with a timestamp, source IP, and user identifier. Logs are retained for 90 days.

🚨

Circuit Breaker System

Our engine includes an automated circuit breaker that halts trading if unusual loss patterns, API failure rates, or other anomalies are detected β€” protecting your account from runaway automation.

🌐

Infrastructure Security

The platform runs on Vercel and Render with network-level firewalls, DDoS protection, and isolated container environments. No public SSH or admin ports are exposed.

πŸ”„

Regular Security Reviews

We conduct internal security reviews on every major release. Dependencies are monitored continuously with automated vulnerability scanning.

πŸ“¦

Minimal Data Principle

We collect only the data required to operate the platform. We do not collect or store raw tick data, trading history beyond what's needed for signal feedback, or any unnecessary personal data.

Security FAQs

Can Quantvex withdraw my funds?

No. Quantvex connects to your broker via a read-and-trade API token only. This token cannot authorise withdrawals, transfers, or changes to your account details. Your funds remain fully under your control.

What happens if my MetaAPI token is compromised?

Revoke the token immediately from your broker's API settings and from your Quantvex dashboard. The token can only be used to open and close trades β€” it has no withdrawal or account modification permissions.

Is my login password stored by Quantvex?

No. Authentication is handled entirely by Clerk. Quantvex never receives or stores your password. Clerk is SOC 2 Type II certified and uses bcrypt hashing for any credential storage.

How do I report a security vulnerability?

Please email support@quantvex.dev with the subject line "Security Vulnerability". We will acknowledge within 24 hours and aim to resolve critical issues within 48 hours.

Found a security issue?

We take all security reports seriously. Please disclose responsibly and we'll acknowledge within 24 hours.

Report a Vulnerability β†’