Security at ACIS
We take security seriously. Your data and investment intelligence are protected by enterprise-grade security measures.
Our Security Commitment
At Alpha Centauri Investment Strategies Inc., we understand that you're trusting us with sensitive financial data and proprietary investment strategies. We've built our platform from the ground up with security as a core principle, not an afterthought.
- 99.9% Uptime: Enterprise-grade infrastructure with redundancy and failover
- Bank-Level Encryption: AES-256 encryption at rest, TLS 1.3 in transit
- Privacy First: We never sell your data or share your portfolio holdings
Data Encryption
Encryption at Rest
- AES-256 Encryption: All data stored in our PostgreSQL databases is encrypted using AES-256-GCM
- Encrypted Backups: Database backups are encrypted and stored securely with redundancy
- Key Management: Encryption keys are securely managed and rotated regularly
Encryption in Transit
- TLS 1.3: All API traffic uses TLS 1.3 with perfect forward secrecy
- HTTPS Only: We enforce HTTPS for all web traffic with HSTS headers
- Certificate Pinning: Our mobile apps (coming soon) use certificate pinning
Authentication & Access Control
User Authentication
- bcrypt Password Hashing: Passwords are hashed with bcrypt (cost factor 12)
- JWT Tokens: Short-lived JWT tokens (1 hour expiry) for web authentication
- Password Requirements: Minimum 8 characters with complexity requirements
- 2FA (Coming Soon): Multi-factor authentication using TOTP (Google Authenticator, Authy)
API Key Security
- Rotating API Keys: Keys automatically rotate every 90 days
- Scoped Permissions: API keys have fine-grained permissions (read-only, write, admin)
- IP Whitelisting: Optional IP restriction for API key usage
- Key Revocation: Instantly revoke compromised keys from your dashboard
Security Best Practice
Never expose your API key in client-side code, public repositories, or logs. Use environment variables and secret management tools.
Infrastructure Security
Cloud Infrastructure
- European Cloud Hosting: Deployed on Hetzner Cloud (Germany) with ISO 27001 certified data centers
- Firewall Protection: UFW firewall with strict ingress/egress rules
- DDoS Protection: Cloudflare WAF with rate limiting and bot protection
- Zero Trust Access: Cloudflare Tunnel for secure API access without exposed ports
Database Security
- Localhost Only: Database accepts only local connections (no public access)
- Daily Backups: Automated daily backups with 30-day retention
- Point-in-Time Recovery: WAL archiving enables point-in-time recovery
- SQL Injection Prevention: Parameterized queries with Pydantic validation
Application Security
Input Validation
- Pydantic schema validation for all API inputs
- Type checking and sanitization
- XSS prevention with CSP headers
Rate Limiting
- Redis-backed rate limiting per API key
- Tier-based quotas (1K/10K/unlimited)
- Automatic throttling on abuse detection
Monitoring & Auditing
- 24/7 Monitoring: Real-time infrastructure and application monitoring with Prometheus + Grafana
- Security Alerts: Automated alerts for suspicious activity, failed login attempts, and anomalies
- Audit Logs: Comprehensive logging of all API requests, authentication events, and admin actions
- Log Retention: Logs retained for 12 months for compliance and forensic analysis
- Incident Response: 24/7 on-call security team for incident response and remediation
Compliance & Certifications
- ISO 27001: Infrastructure hosted on Hetzner (ISO 27001 certified data centers)
- GDPR Compliant: EU-hosted data with full GDPR compliance
- PCI DSS: Payment data secured via Stripe (PCI Level 1)
Security Testing & Audits
- Automated Vulnerability Scanning: Weekly scans with Snyk and Dependabot
- Penetration Testing: Annual third-party penetration tests
- Code Reviews: Security-focused code reviews for all critical changes
- Dependency Updates: Automated updates for security patches within 24 hours
Responsible Disclosure
We welcome security researchers to help us keep ACIS secure. If you discover a security vulnerability, please report it to us responsibly:
How to Report a Vulnerability
- Email us at [email protected]
- Include detailed steps to reproduce the vulnerability
- Allow us 90 days to fix before public disclosure
- Do not exploit the vulnerability beyond proof-of-concept
Response Time: We will acknowledge your report within 24 hours and provide updates every 48 hours.
Questions About Security?
Our security team is here to help. Contact us for security inquiries, compliance documentation, or penetration test results.