Security Practices

How we secure your data, sessions, and exchange connections.

Data Protection

Encryption at Rest

  • Sensitive data encrypted at rest.
  • Secure key management practices.

Encryption in Transit

  • All traffic secured with TLS.
  • Strict HTTPS enforcement.

API Key Protection

  • Encrypted credential storage.
  • No raw API keys exposed in UI.
  • Access restricted to secure services only.

Database Security

  • Row-level security enforcement.
  • Strict role-based access control.

Authentication & Access Control

  • Email/password + OAuth support
  • Optional two-factor authentication (TOTP)
  • Admin MFA requirements
  • Role-based access controls
  • Session expiration policies
  • Automatic session invalidation on password change

Session Security

Active session tracking

Monitor all logged-in devices

Device/session visibility

View location and browser details

Session revocation

Logout from any device

Idle timeouts

Automatic session expiration

Admin session restrictions

Enhanced controls for admin users

Exchange API Security

Non-Custodial Architecture

Trade-only API permission requirement

API keys must be configured for trading only, no withdrawals

Withdrawal permissions rejected

System automatically rejects connections with withdrawal access

Continuous permission validation

Regular checks to ensure API key permissions remain correct

Connection health monitoring

Real-time monitoring of exchange connectivity and API status

Reconnect requirement on auth expiration

Manual reconnection required if exchange credentials expire

Infrastructure & Monitoring

Continuous system monitoring

Automated alerting

Audit logging of sensitive actions

Rate limiting protections

Incident response procedures

Responsible Disclosure

If you discover a security issue, please contact us immediately.

Security Contact Email

security@quantumedge.markets

Disclosure Policy Summary

We ask that you do not publicly disclose security issues until we have had an opportunity to investigate and address them.

Bug Bounty

We review all legitimate security reports and may offer rewards for qualifying vulnerabilities.

If Your Account Is Compromised

Take these steps immediately if you suspect unauthorized access:

  1. Revoke exchange API keys immediately

    Log into Kraken and revoke API access

  2. Change your password

    Update your QuantumEdge account password

  3. Revoke active sessions

    Log out all devices from session management

  4. Contact support

    Report the incident to our team

Compliance & Audit

Audit log retention policy

Critical actions logged and retained for compliance

Legal consent tracking

Terms of service and policy acceptance tracked

Administrative action logging

All admin changes recorded with timestamps

Data export and deletion capabilities

User rights to access and remove personal data