Security at ACIS

We take security seriously. Your data and investment intelligence are protected by enterprise-grade security measures.

Our Security Commitment

At Alpha Centauri Investment Strategies Inc., we understand that you're trusting us with sensitive financial data and proprietary investment strategies. We've built our platform from the ground up with security as a core principle, not an afterthought.

99.9% Uptime

Enterprise-grade infrastructure with redundancy and failover

Bank-Level Encryption

AES-256 encryption at rest, TLS 1.3 in transit

Privacy First

We never sell your data or share your portfolio holdings

Data Encryption

Encryption at Rest

  • AES-256 Encryption: All data stored in our PostgreSQL databases is encrypted using AES-256-GCM
  • Encrypted Backups: Database backups are encrypted before being stored in AWS S3
  • Key Management: Encryption keys are rotated every 90 days using AWS KMS

Encryption in Transit

  • TLS 1.3: All API traffic uses TLS 1.3, whose ephemeral (EC)DHE key exchange gives every session forward secrecy
  • HTTPS Only: We enforce HTTPS for all web traffic with HSTS headers
  • Certificate Pinning: Our mobile apps (coming soon) will use certificate pinning

Authentication & Access Control

User Authentication

  • bcrypt Password Hashing: Passwords are hashed with bcrypt (cost factor 12)
  • JWT Tokens: Short-lived JWT tokens (1 hour expiry) for web authentication
  • Password Requirements: Minimum 8 characters with complexity requirements
  • 2FA (Coming Soon): Multi-factor authentication using TOTP (Google Authenticator, Authy)

API Key Security

  • Rotating API Keys: Keys automatically rotate every 90 days
  • Scoped Permissions: API keys have fine-grained permissions (read-only, write, admin)
  • IP Whitelisting: Optional IP restriction for API key usage
  • Key Revocation: Instantly revoke compromised keys from your dashboard

Security Best Practice

Never expose your API key in client-side code, public repositories, or logs. Use environment variables and secret management tools.
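The advice above is easy to state and easy to get wrong in practice, so here is an added example (not ACIS's own client code) of the two habits it asks for: the key is read from the environment and the process refuses to start without it, and a logging filter masks the key if it ever reaches a log message. ACIS_API_KEY and the Bearer header format are assumptions for the example.

```python
import logging
import os
import re


class SecretRedactingFilter(logging.Filter):
    """Logging filter that masks known secret values in every log message.

    Attach it to each handler so an API key that ends up in a formatted
    message (for example from a logged request header) is replaced before
    it reaches a file or a log aggregator.
    """

    def __init__(self, secrets):
        super().__init__()
        # Longest first, so a short secret that is a prefix of a longer one
        # cannot leave a fragment of the longer one unmasked.
        ordered = sorted((s for s in secrets if s), key=len, reverse=True)
        self._patterns = [re.compile(re.escape(s)) for s in ordered]

    def filter(self, record):
        message = record.getMessage()
        for pattern in self._patterns:
            message = pattern.sub("[REDACTED]", message)
        # Store the redacted text and drop args so handlers do not
        # re-format the original, unredacted message.
        record.msg = message
        record.args = ()
        return True


def load_api_key(env_var="ACIS_API_KEY", environ=None):
    """Read the API key from the environment and fail closed if it is absent.

    ACIS_API_KEY is an assumed variable name. `environ` exists so tests can
    supply a fake environment instead of touching os.environ.
    """
    environ = os.environ if environ is None else environ
    key = environ.get(env_var, "").strip()
    if not key:
        raise RuntimeError(f"{env_var} is not set; refusing to start without credentials")
    return key


def build_auth_headers(api_key):
    """Authorization header for outbound requests (Bearer format is an assumption)."""
    return {"Authorization": f"Bearer {api_key}"}


def redact(message, secrets):
    """Same masking for arbitrary strings, e.g. exception text before it is reported."""
    for secret in sorted((s for s in secrets if s), key=len, reverse=True):
        message = message.replace(secret, "[REDACTED]")
    return message


if __name__ == "__main__":
    # Constructed example: the key is injected via a fake environment, never hard-coded.
    key = load_api_key(environ={"ACIS_API_KEY": "example-key-do-not-commit"})
    logger = logging.getLogger("acis-client")
    handler = logging.StreamHandler()
    handler.addFilter(SecretRedactingFilter([key]))
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    logger.info("request headers: %s", build_auth_headers(key))  # key printed as [REDACTED]
```

The filter is a safety net, not a substitute for never logging headers in the first place; it only knows the secrets you register with it, so register the key as soon as it is loaded.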

Infrastructure Security

Cloud Infrastructure

  • AWS Hosting: Deployed on AWS with SOC 2 Type II compliant infrastructure
  • Firewall Protection: VPC with security groups and network ACLs
  • DDoS Protection: Cloudflare WAF with rate limiting and bot protection
  • Intrusion Detection: AWS GuardDuty for threat detection

Database Security

  • Private Subnet: Databases isolated in private VPC subnet (no public access)
  • Daily Backups: Automated daily backups with 30-day retention
  • Point-in-Time Recovery: Restore to any point within last 7 days
  • SQL Injection Prevention: Database access uses parameterized queries, so request values are bound as data rather than spliced into SQL text; Pydantic validates the shape and types of inputs before they reach the data layer
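To make the distinction between validation and parameterization concrete, here is an added example (not ACIS's code) that runs the same tautology payload through a string-built query and a parameterized one. It uses an in-memory SQLite table as a stand-in for the PostgreSQL holdings table and a plain regex validator in place of a Pydantic field, so it runs with the standard library alone; the table layout and the user-id alphabet are assumptions for the example.

```python
import re
import sqlite3

USER_ID_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """Constructed in-memory fixture standing in for the PostgreSQL holdings table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE holdings (user_id TEXT, ticker TEXT, shares INTEGER)")
    conn.executemany(
        "INSERT INTO holdings VALUES (?, ?, ?)",
        [("alice", "AAPL", 10), ("alice", "MSFT", 5), ("bob", "TSLA", 3)],
    )
    return conn


def validate_user_id(user_id):
    """Schema-style validation (stand-in for a Pydantic field with a regex constraint).

    Rejecting anything outside the expected alphabet stops most injection
    payloads before they reach the data layer, but it is the second line of
    defence: the query itself must still be parameterized.
    """
    if not isinstance(user_id, str) or not USER_ID_RE.fullmatch(user_id):
        raise ValueError(f"invalid user_id: {user_id!r}")
    return user_id


def holdings_vulnerable(conn, user_id):
    """Anti-pattern: the value is spliced into the SQL text and parsed as SQL."""
    sql = f"SELECT ticker, shares FROM holdings WHERE user_id = '{user_id}' ORDER BY ticker"
    return conn.execute(sql).fetchall()


def holdings_parameterized(conn, user_id):
    """Bound parameter: the driver sends the value separately from the statement.

    sqlite3 uses '?' placeholders; psycopg2 against PostgreSQL uses '%s', but
    the mechanism, and the protection, is the same.
    """
    sql = "SELECT ticker, shares FROM holdings WHERE user_id = ? ORDER BY ticker"
    return conn.execute(sql, (user_id,)).fetchall()


# Classic tautology payload: turns the WHERE clause into "... OR '1'='1'".
PAYLOAD = "alice' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable   :", holdings_vulnerable(conn, PAYLOAD))     # every user's holdings
    print("parameterized:", holdings_parameterized(conn, PAYLOAD))  # no rows: no such user
    try:
        validate_user_id(PAYLOAD)
    except ValueError as exc:
        print("validation   :", exc)
```

The vulnerable function returns all three rows, including bob's, because the payload rewrote the WHERE clause; the parameterized function returns nothing because it looked for a user literally named `alice' OR '1'='1`. Validation rejects the payload outright, which is useful, but a field that legitimately allows quotes (a free-text note, say) would pass it through, and only the bound parameter protects you then.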

Application Security

Input Validation

  • Pydantic schema validation for all API inputs
  • Type checking and sanitization
  • XSS mitigation: Content-Security-Policy headers limit the script sources a page may execute, reducing the impact of any markup injection

Rate Limiting

  • Redis-backed rate limiting per API key
  • Tier-based quotas (1K/10K/unlimited)
  • Automatic throttling on abuse detection
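The per-key, Redis-backed limiter described above is usually the INCR + EXPIRE pattern. The following added example (not ACIS's implementation) shows that pattern against a constructed in-memory store that implements only those two commands, so it runs offline; swapping in a `redis.Redis` client changes nothing else. The 1K/10K/unlimited quotas are the page's figures, while the one-day window and the tier names are assumptions for the example.

```python
import time

# Quotas per tier, in requests per window. The 1K/10K/unlimited figures come
# from the page; the one-day window and tier names are assumptions.
TIER_QUOTAS = {"free": 1_000, "pro": 10_000, "enterprise": None}
WINDOW_SECONDS = 86_400


class FakeRedis:
    """Constructed in-memory stand-in implementing only INCR and EXPIRE.

    A real deployment passes a redis.Redis client instead; both commands have
    the same semantics there, and INCR is atomic, so concurrent API workers
    cannot double-count or race past the quota.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._data = {}  # key -> [count, expires_at or None]

    def _live(self, key):
        entry = self._data.get(key)
        if entry is not None and entry[1] is not None and entry[1] <= self._clock():
            del self._data[key]  # lazy expiry, as Redis would have done
            return None
        return entry

    def incr(self, key):
        entry = self._live(key)
        if entry is None:
            entry = self._data[key] = [0, None]
        entry[0] += 1
        return entry[0]

    def expire(self, key, seconds):
        entry = self._live(key)
        if entry is not None:
            entry[1] = self._clock() + seconds


class RateLimiter:
    """Fixed-window counter keyed by API key (the INCR + EXPIRE pattern)."""

    def __init__(self, store, quotas=TIER_QUOTAS, window=WINDOW_SECONDS, clock=time.time):
        self.store, self.quotas, self.window, self.clock = store, quotas, window, clock

    def check(self, api_key, tier):
        """Return (allowed, remaining); remaining is None for unlimited tiers."""
        quota = self.quotas[tier]
        if quota is None:
            return True, None
        # The window index in the key makes the counter reset at window boundaries
        # even if EXPIRE were lost; EXPIRE stops stale keys piling up in Redis.
        bucket = int(self.clock() // self.window)
        key = f"ratelimit:{api_key}:{bucket}"
        count = self.store.incr(key)
        if count == 1:
            self.store.expire(key, self.window)
        return count <= quota, max(quota - count, 0)


if __name__ == "__main__":
    limiter = RateLimiter(FakeRedis(), quotas={"free": 3, "enterprise": None}, window=60)
    for _ in range(4):
        print("free key:", limiter.check("key-free", "free"))      # fourth call is denied
    print("enterprise key:", limiter.check("key-ent", "enterprise"))
```

The `remaining` value is what you would surface in a rate-limit response header. A fixed window allows up to twice the quota across one window boundary (a burst at the end of one window followed by a burst at the start of the next); if that matters, a sliding window over a Redis sorted set is the usual refinement.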

Monitoring & Auditing

  • 24/7 Monitoring: Real-time infrastructure and application monitoring with Prometheus + Grafana
  • Security Alerts: Automated alerts for suspicious activity, failed login attempts, and anomalies
  • Audit Logs: Comprehensive logging of all API requests, authentication events, and admin actions
  • Log Retention: Logs retained for 12 months for compliance and forensic analysis
  • Incident Response: 24/7 on-call security team for incident response and remediation
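The "failed login attempts" alert above is the simplest useful detection to build on an audit log, so here is an added example (not ACIS's detection logic) that runs it over a few constructed JSON-per-line authentication events: it raises one alert when a source IP accumulates five failures inside sixty seconds, and a second, higher-priority alert if that IP then logs in successfully, which is the signature of a credential-stuffing hit. The field names, threshold and window are assumptions for the example.

```python
import json
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample audit log, one JSON object per line. The field names are
# an assumption for this example, not ACIS's real log schema. 203.0.113.0/24
# and 198.51.100.0/24 are documentation ranges, not real hosts.
SAMPLE_LOG = """\
{"ts": "2024-03-01T09:00:00+00:00", "event": "login_failed", "user": "alice", "ip": "203.0.113.7"}
{"ts": "2024-03-01T09:00:05+00:00", "event": "login_failed", "user": "alice", "ip": "203.0.113.7"}
{"ts": "2024-03-01T09:00:07+00:00", "event": "login_failed", "user": "bob", "ip": "198.51.100.9"}
{"ts": "2024-03-01T09:00:10+00:00", "event": "login_failed", "user": "alice", "ip": "203.0.113.7"}
{"ts": "2024-03-01T09:00:15+00:00", "event": "login_failed", "user": "alice", "ip": "203.0.113.7"}
{"ts": "2024-03-01T09:00:20+00:00", "event": "login_failed", "user": "alice", "ip": "203.0.113.7"}
{"ts": "2024-03-01T09:00:25+00:00", "event": "login_failed", "user": "alice", "ip": "203.0.113.7"}
{"ts": "2024-03-01T09:00:31+00:00", "event": "login_success", "user": "bob", "ip": "198.51.100.9"}
{"ts": "2024-03-01T09:00:40+00:00", "event": "login_success", "user": "alice", "ip": "203.0.113.7"}
"""


def parse_events(text):
    """Parse JSON lines and attach an epoch timestamp for window arithmetic."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["t"] = datetime.fromisoformat(event["ts"]).timestamp()
        events.append(event)
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Alert on an IP with `threshold` failed logins within `window_seconds`,
    and on any later success from an IP that has already been flagged."""
    failures = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = set()
    alerts = []
    for event in sorted(events, key=lambda e: e["t"]):
        ip, t = event["ip"], event["t"]
        window = failures[ip]
        while window and t - window[0] > window_seconds:
            window.popleft()  # slide the window forward
        if event["event"] == "login_failed":
            window.append(t)
            if len(window) >= threshold and ip not in flagged:
                flagged.add(ip)  # alert once per IP, not on every further failure
                alerts.append({"type": "brute_force", "ip": ip,
                               "failures": len(window), "at": event["ts"]})
        elif event["event"] == "login_success" and ip in flagged:
            alerts.append({"type": "success_after_brute_force", "ip": ip,
                           "user": event["user"], "at": event["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_events(SAMPLE_LOG)):
        print(alert)
```

Keying on source IP alone misses distributed attacks that spread a few attempts per address across many users; a production rule would run the same window per target account as well, and would deduplicate on a cooldown rather than once for the whole run.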

Compliance & Certifications

SOC 2 Type II

Infrastructure hosted on AWS; AWS's own SOC 2 Type II reports cover the underlying data centers and services

GDPR Ready

Data protection and privacy rights compliance

PCI DSS

Card payments are processed by Stripe, a PCI DSS Level 1 service provider

Security Testing & Audits

  • Automated Vulnerability Scanning: Weekly scans with Snyk and Dependabot
  • Penetration Testing: Annual third-party penetration tests
  • Code Reviews: Security-focused code reviews for all critical changes
  • Dependency Updates: Automated updates for security patches within 24 hours

Responsible Disclosure

We welcome security researchers to help us keep ACIS secure. If you discover a security vulnerability, please report it to us responsibly:

How to Report a Vulnerability

  1. Email us at security@acis-trading.com
  2. Include detailed steps to reproduce the vulnerability
  3. Allow us 90 days to fix before public disclosure
  4. Do not exploit the vulnerability beyond proof-of-concept

Response Time: We will acknowledge your report within 24 hours and provide updates every 48 hours.

Questions About Security?

Our security team is here to help. Contact us for security inquiries, compliance documentation, or penetration test results.