Security at MarketQuants
Your trust is our most valuable asset. We employ industry-standard security practices to ensure your data, portfolio, and trading credentials remain safe.
1. Data Encryption
In Transit
All data transmitted between your device (browser/app) and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher). This prevents anyone who intercepts the traffic from reading your data while it travels across the internet.
At Rest
Sensitive data stored in our databases, including your User Profile and Portfolio Snapshot history, is encrypted with AES-256. This provides a robust layer of defense against unauthorized access.
2. Broker Integration (Alpaca)
MarketQuants executes trades via Alpaca Securities, a FINRA/SIPC member broker.
Secure OAuth Integration
We utilize OAuth 2.0 integration with Alpaca to connect your brokerage account.
- No API Keys: You never share your username, password, or raw API keys with MarketQuants.
- Token-Based Access: When you click "Connect Broker," you are redirected to Alpaca's secure login page. There you authorize a limited-scope access token that allows us to place trades on your behalf.
- Revocable: You can revoke this access token at any time from your Alpaca dashboard, immediately cutting off MarketQuants' access without changing your passwords.
3. Infrastructure Security
Cloud Security
Our infrastructure is hosted on top-tier cloud providers (AWS/DigitalOcean) that maintain strict physical and network security controls (SOC 2, ISO 27001).
Network Protection
- Firewalls: We utilize strict firewall rules (Security Groups) to block unauthorized traffic.
- DDoS Protection: We employ Cloudflare edge protection to mitigate Denial of Service attacks and ensure uptime.
4. Responsible Disclosure
We welcome the help of the security research community. If you believe you have discovered a vulnerability in MarketQuants:
- Please do not exploit the issue or access data that does not belong to you.
- Email us immediately at security@marketquants.com.
- We will acknowledge your report and work to verify and patch the issue promptly.
5. User Best Practices
Security is a team effort. Here is what you can do to stay safe:
- Strong Passwords: Use a unique, complex password for your MarketQuants account.
- 2FA (Broker): Enable Two-Factor Authentication (2FA) on your Alpaca account. Even if someone gained access to MarketQuants, they could not withdraw funds without your broker-level authorization.
- Device Lock: Secure your phone or laptop with a passcode or biometric lock.