At QuantCopy, data security and automation reliability starts with our co-founder, Rudy. We are led by his many years of experience managing operational and automation risk in high frequency trading, where a rouge line of code can bring down entire companies.
We run monthly cloud security and DevSecOps reviews with AWS certified partner and third-party security consultancy Colibri Digital.
We conform to best-in-class security practices and make this a central part of our internal engineering processes. In many cases, we deploy new code to our servers several times each day. We have baked strict account identifier checks into our software at all access points. Concretely, this means that you can never access data belonging to another account, and vice versa.
We conduct multi-person code reviews for each new deployment to our server infrastructure. In addition, we host weekly security reviews at an organisational level. Prior to deployment, every software commit must comply with unit and integration tests designed to catch potential errors or vulnerabilities before deployment to our production systems.
Engineering and artificial intelligence researchers are required to deeply understand web application security best practices, following the OWASP framework to understand vulnerabilities. We proactively stay up to date with the latest security vulnerabilities releases and paradigm shifts in the security space.
We only use third-party frameworks, libraries and mitigations that have been vetted and approved by the open source and security community.
We enable team administrators to manage team-wide settings. This includes single sign-on and two-factor authentication (2FA). Team administrators can also manage integrations, deactivate users, and update users’ account details.
If you would like a further audit of our access control runbook, please contact email@example.com.
Our infrastructure runs exclusively on Amazon Web Services (AWS). In addition, we conform to the highest industry standards, requiring the latest best-in-class encryption protocols to encrypt all data in transit and at rest.
We use AWS RDS as our relational database. AWS RDS is optimized for performance and availability. Data backups of up to 30 days are available. This means that we can restore data from up to four points each day within the past 30 days in the event of disaster recovery. Our Amazon RDS instances run in isolated Virtual Private Clouds on the AWS network.
Our entire application runs over SSL provided by AWS. Our SSL utilizes the SHA-256 algorithm with RSA encryption. No passwords are stored – our entire application is secured by Auth0, and inbox integrations are supported by the Nylas API.