Security & Compliance

This section outlines how QuantumExecute addresses security risks and compliance obligations, ensuring that the platform is trustworthy and operates within legal and ethical boundaries.

Platform Security Measures: Security is ingrained in QE’s design and operations. As discussed earlier, user credentials and API keys are protected with state-of-the-art encryption and secure enclaves. Beyond that:

  • All web and API traffic is encrypted via HTTPS/TLS. There are firewall rules and network segmentation in place to isolate critical systems (for example, database servers are not directly accessible from the internet).

  • We employ continuous security monitoring – any suspicious login attempts or system anomalies trigger alerts. Important actions (like creating API keys, changing account settings) may generate notifications to the user as well.

  • Regular security audits and penetration tests are conducted, some by third-party experts, to find and fix vulnerabilities.

  • The platform requires strong passwords and 2FA for users, reducing the chance of account breaches. Internally, our team follows the principle of least privilege; only a minimum number of senior engineers have access to production systems, and even then, they cannot access sensitive user data thanks to encryption.

  • In terms of infrastructure, AWS’s security features (including Nitro Enclaves and KMS), which are trusted by many financial institutions, add further layers of protection.

Operational Risk Controls: From a risk management perspective, QE implements controls to ensure the algorithms don’t run wild or cause unintended consequences:

  • Pre-trade checks: Before an algorithm starts, the system checks for obvious issues such as “order size larger than available balance” or parameters outside allowed ranges, to prevent immediate failures.

  • In-flight risk management: As noted, algorithms have built-in risk limits (like price bands, max participation) to prevent excessive deviation. If an algorithm encounters extreme conditions (e.g., market price moves beyond a set threshold), it may pause or stop to protect against runaway losses.

  • Post-trade reviews: Our team monitors executions, especially in the trial phase. If something looks abnormal (like an algorithm that consistently underperforms or behaves oddly), we investigate to ensure it’s not a bug or misuse.

  • The platform also protects against self-trading or other undesired actions on exchanges – e.g., algorithms are designed not to inadvertently trade with each other or with the user’s own orders across multiple accounts, which could be considered self-dealing.

Compliance with Financial Regulations: As a provider of trading technology (and not an exchange or broker-dealer ourselves), QE operates in a somewhat grey area regarding financial regulations. However, we take compliance seriously:

  • We adhere to KYC/AML policies. When onboarding institutional clients, we may perform KYC checks and require certain documentation. For individual users in the trial, basic email verification and behavior monitoring are in place. We don’t support anonymity when it comes to live trading with significant amounts – users will have to agree to terms and possibly undergo identity verification in production.

  • We ensure that our service doesn’t facilitate market manipulation or other illicit activities. For example, if an institution wanted to use our tool in a way that violates exchange rules or market regulations, that would be against our terms. We design algorithms for legitimate execution, not things like pump-and-dump.

  • Data privacy compliance: We comply with applicable data protection laws (GDPR, etc.). We only collect data needed for service and never sell user data. Users can request deletion of their personal data if leaving the platform.

  • Exchange compliance: We obey the terms of service of integrated exchanges. Our API calls use the user’s API keys, meaning trades are done in the user’s name on the exchange, which is generally allowed by exchanges. We ensure our platform doesn’t exceed rate limits or engage in prohibited practices on those exchanges.

  • If the platform expands globally, we may obtain any necessary licenses or approvals (for instance, if in the future we were to hold customer funds or give investment advice, which currently we do not).

User Responsibilities: We also remind users that they have their own compliance responsibilities. If you’re trading large volumes or are subject to specific regulations (for example, as an investment firm), ensure that using an algorithmic platform fits within your regulatory framework. QuantumExecute provides tools, but users must use them in a manner compliant with laws (tax reporting, no insider trading, etc.).

Business Continuity and Trust: We maintain business continuity plans – e.g., backups, secondary servers – to prevent data loss or extended downtime, which could have compliance implications in terms of service reliability. In the unlikely event of a major incident (security breach or system failure), we have an incident response plan and will communicate transparently with users and authorities as required.

In summary, QE aims to provide a secure environment that meets high standards of integrity, confidentiality, and compliance. Users can trade with confidence that their assets (held on exchanges) and data are safe with our platform, and that using QE will help them fulfill their best execution obligations rather than hinder them.
