Security at VigQuant

Last updated: February 2026

Your data security and privacy are foundational to everything we build. We never store trading credentials, brokerage passwords, or execute trades on your behalf.

Data in Transit

All communications encrypted with TLS 1.3. API endpoints enforce HTTPS. WebSocket connections for real-time updates are encrypted end-to-end.

Data at Rest

Passwords are hashed with bcrypt (never stored in plaintext). Database hosted on Railway with encrypted storage. Analysis history is private to each user.

Authentication

JWT-based authentication with short-lived access tokens (15 min) and secure refresh tokens (7 day). Brute-force protection on login endpoints. Per-IP rate limiting on all API endpoints.

Infrastructure

Frontend hosted on Vercel with automatic DDoS protection. Backend hosted on Railway with isolated containers. GPU workloads run on Modal's SOC 2 compliant infrastructure. Redis for caching with authenticated connections only.

What We Don't Do

We never store brokerage credentials.
We never execute trades.
We never share analysis data between users.
We never sell user data to third parties.

Data Retention

Analysis history retained while account is active. Upon account deletion, all personal data is removed within 30 days. Anonymized aggregate statistics may be retained for model improvement.

Reporting Vulnerabilities

Contact security@vigquant.com for responsible disclosure.