Security

Architecture

Alle-Quant is designed with a defense-in-depth approach. The application never takes custody of funds. It connects to your brokerage through authenticated APIs that you control and can revoke at any time.

Encryption

• In transit: all connections use TLS 1.3.
• At rest: sensitive data is encrypted with AES-256. Brokerage API keys are stored using AWS KMS envelope encryption.

Authentication

User authentication is managed by AWS Cognito with support for email/password and multi-factor authentication (MFA). Session tokens are short-lived and automatically rotated.

Risk Controls

The trading engine enforces hard-coded safety backstops that cannot be bypassed, including maximum position sizes, daily loss limits, and a global kill switch. These operate independently of the AI layer.

Infrastructure

• Hosted on AWS (US regions) with isolated VPC networking.
• Container workloads run on ECS Fargate with no persistent host access.
• Infrastructure is managed as code and reviewed before deployment.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@alle-quant.com. We ask that you give us reasonable time to address the issue before public disclosure. We do not pursue legal action against good-faith security researchers.