Cybersecurity Policy

Last Updated: February 2026

MarketQuants maintains security practices designed to protect the confidentiality, integrity, and availability of platform systems and user data.

MarketQuants is an independent software platform and is not a broker-dealer, financial institution, or custodian of customer assets.

Governance & Responsibility

Cybersecurity oversight is managed by company leadership and authorized technical personnel.

Access to production systems and sensitive resources is granted strictly on a need-to-know basis and follows the principle of least privilege.

Infrastructure Security

MarketQuants operates using reputable cloud infrastructure providers, including:

DigitalOcean App Platform
Vercel
MongoDB Atlas

These providers maintain physical and network-level protections such as:

Managed firewalls
Intrusion detection systems
Automated infrastructure patching
Network isolation controls

Application services are deployed using hardened and minimal runtime environments to reduce attack surface exposure.

Access Controls

System access is protected through layered authentication and authorization controls:

Multi-Factor Authentication (MFA) required for administrative access
Role-based authorization controls
Token-based authentication mechanisms (JWT)
Secure segregation between development, staging, and production environments
Managed secrets storage for credentials and service tokens

Data Protection

Encryption

All data in transit is encrypted using modern TLS protocols.
Persistent data storage utilizes encryption provided by managed database services.

Third-Party Integrations

MarketQuants supports optional connections to third-party service providers through secure OAuth-based authorization.

Users authenticate directly with the third-party provider.
MarketQuants does not receive or store brokerage login credentials.
Access permissions are limited in scope and may be revoked by users at any time through the provider.

Endpoint Security

Administrative and development systems are required to:

Run supported operating systems
Enable automatic security updates
Use endpoint protection controls
Maintain full-disk encryption

Access to production infrastructure is restricted, logged, and monitored.

Monitoring & Maintenance

Platform systems utilize logging, monitoring, and alerting mechanisms provided by cloud infrastructure vendors to detect abnormal activity and operational risks.

Software dependencies are managed through controlled versioning and periodic updates to reduce supply-chain vulnerabilities.

Incident Response

In the event of a suspected security incident, MarketQuants will investigate, contain, and remediate the issue promptly.

Where required, affected users or partners will be notified in accordance with applicable legal and contractual obligations.

Continuous Improvement

MarketQuants periodically reviews and enhances its cybersecurity practices to address evolving threats, infrastructure changes, and platform growth.

Governance & Responsibility​

Infrastructure Security​

Access Controls​

Data Protection​

Encryption​

Third-Party Integrations​

Endpoint Security​

Monitoring & Maintenance​

Incident Response​

Continuous Improvement​