Security
Security & risk controls
How we separate public education from private execution infrastructure — without exposing secrets to the browser.
Security layers
Credential isolation
API keys and secrets stay on private infrastructure. The public web app does not store exchange credentials.
Container isolation
Operational components run in isolated environments with resource and network boundaries.
Risk engine
Position limits, drawdown rules, and emergency safeguards — described in policies, not sold as profit tools.
Network protection
CDN, TLS, and firewall patterns for public endpoints. Private backends are not exposed to the browser.
Error monitoring
Sentry and structured logging for failures — without publishing misleading uptime or performance claims.
Observability
Vercel Analytics and Speed Insights on the frontend. Runtime health via the public status page when configured.
Risk management controls
| Control | Details |
|---|---|
| Position size limits | Configurable caps per symbol and session |
| Drawdown rules | Automated halts when thresholds are breached |
| Leverage caps | Enforced at execution layer when active |
| Emergency safeguards | Documented shutdown procedures via approved channels |
| Rate limiting | API throttles to reduce runaway behavior |
| Circuit breakers | Volatility and integrity checks before actions |
Join the private beta waitlist
Account access is invite-based while the AI assistant and neural model are under development.