Cybersecurity Policy

Last Updated: February 4, 2026

MarketQuants is committed to maintaining the confidentiality, integrity, and availability of its systems and data through a risk-based cybersecurity program designed to protect against unauthorized access, data loss, misuse, and disruption.

Governance & Responsibility

Cybersecurity oversight is the responsibility of company leadership and authorized technical personnel. Access to production systems and sensitive data is limited to approved individuals based on job function and follows the principle of least privilege.

Infrastructure Security

MarketQuants utilizes reputable cloud service providers to host its infrastructure, including:

DigitalOcean App Platform
Vercel
MongoDB Atlas

These providers manage underlying physical and network security controls, including firewalls, intrusion protection, and automated operating system patching. Application services are deployed using hardened, minimal container images to reduce attack surface.

Access Controls

Logical access to systems is protected through strong authentication and authorization mechanisms:

Multi-Factor Authentication (MFA) is required for administrative access.
Token-based Authentication (JWT) and role-based authorization protect application-level access to sensitive resources.
Secrets Management: Production credentials and secrets are securely stored and segregated from development environments.

Data Protection

Encryption in Transit: All data in transit is encrypted using industry-standard TLS protocols.
Encryption at Rest: Persistent data is stored in managed databases that provide encryption by default.
Third-Party Integrations: MarketQuants does not store brokerage login credentials and relies on secure OAuth-based authorization for third-party integrations.

Endpoint Security

Developer and administrative workstations are required to:

Use current operating systems.
Enable automatic security updates.
Utilize endpoint protection software.
Employ full-disk encryption.

Access to production environments from endpoints is restricted and monitored.

Monitoring & Maintenance

The company relies on cloud-provider monitoring, logging, and alerting capabilities to detect abnormal behavior and system issues. Dependencies are managed using lockfiles and controlled updates to reduce supply-chain risk.

Incident Response

In the event of a suspected security incident, MarketQuants will promptly investigate, contain, and remediate the issue. If applicable, affected partners and users will be notified in accordance with contractual obligations and applicable laws.

Continuous Improvement

MarketQuants periodically reviews and updates its security practices to address evolving threats, changes in technology, and business growth.

Governance & Responsibility​

Infrastructure Security​

Access Controls​

Data Protection​

Endpoint Security​

Monitoring & Maintenance​

Incident Response​

Continuous Improvement​