Infrastructure & Encryption
- TLS everywhere — HTTPS enforced with HSTS headers
- PostgreSQL data encrypted at rest on encrypted volumes
- Container-based hosting with isolated deployments
- All inter-service communication over encrypted channels
- Security headers:
  X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Strict-Transport-Security, Content-Security-Policy
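A check for the header set listed above, added here as an example and not the site's own code. The two header sets are constructed for illustration, and the thresholds it applies (a one-year HSTS max-age with includeSubDomains, no 'unsafe-inline' or '*' among script sources) are common hardening guidance rather than values the page states.

```python
"""Check a response's security headers against the policy listed above.

Added example, not the site's own code. The two header sets are constructed
for illustration; the thresholds (one-year HSTS, no 'unsafe-inline' or '*' in
script sources) are common hardening guidance, not the site's stated values."""
import re

REQUIRED = ("Strict-Transport-Security", "Content-Security-Policy",
            "X-Frame-Options", "X-Content-Type-Options")
ONE_YEAR = 31536000


def _parse_csp(csp: str) -> dict:
    """Split 'default-src x; script-src y z' into {'default-src': ['x'], ...}."""
    out = {}
    for directive in csp.split(";"):
        parts = directive.split()
        if parts:
            out[parts[0].lower()] = parts[1:]
    return out


def check_security_headers(headers: dict) -> list:
    """Return a list of findings; an empty list means the response passes."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = [f"missing {name}" for name in REQUIRED if name.lower() not in h]

    hsts = h.get("strict-transport-security", "")
    if hsts:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options must be DENY or SAMEORIGIN")

    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings.append("X-Content-Type-Options must be nosniff")

    csp = h.get("content-security-policy", "")
    if csp:
        d = _parse_csp(csp)
        if "default-src" not in d:
            findings.append("CSP has no default-src fallback")
        # script-src falls back to default-src when absent, as the browser does
        script_src = d.get("script-src", d.get("default-src", []))
        if "'unsafe-inline'" in script_src or "*" in script_src:
            findings.append("CSP script sources allow 'unsafe-inline' or '*'")
    return findings


# Constructed sample responses (not captured from any real host).
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src *; script-src 'unsafe-inline' 'self'",
    "X-Frame-Options": "ALLOWALL",
}
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, check_security_headers(hdrs) or "OK")
```

To run it against a live host, feed it the header dict from an HTTPS response; note that HSTS is only honoured by browsers when delivered over TLS, so a check over plain HTTP says nothing about the policy.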
Authentication & Access Control
- JWT-based session authentication with HMAC signing
- TOTP multi-factor authentication (MFA) via standard authenticator apps
- Session tokens carried in cookies flagged HttpOnly and Secure
- Password hashing with industry-standard algorithms
- Rate limiting on authentication endpoints
- API key authentication for programmatic access
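The two token mechanisms above (HMAC-signed JWTs and TOTP) as an added standard-library example; this is not the platform's code. SECRET_KEY is a constructed placeholder, and TOTP_SEED is the RFC 4226/6238 test-vector seed so the codes can be checked against the RFC tables. The verifier pins the algorithm server-side rather than reading it from the token header, which is what defeats alg=none and RS256/HS256 confusion tokens.

```python
"""HS256-signed JWT session tokens and RFC 6238 TOTP codes, standard library only.

Added example of the mechanisms listed above; it is not the platform's code.
SECRET_KEY is a constructed placeholder (use 32+ random bytes in production);
TOTP_SEED is the RFC 4226/6238 test-vector seed."""
import base64
import hashlib
import hmac
import json
import struct
import time

SECRET_KEY = b"constructed-placeholder-signing-key-not-for-use"
TOTP_SEED = b"12345678901234567890"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes = SECRET_KEY) -> str:
    """header.payload.signature, HMAC-SHA256 over the first two segments."""
    compact = {"separators": (",", ":")}
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload = b64url(json.dumps(claims, **compact).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_jwt(token: str, key: bytes = SECRET_KEY, now=None):
    """Return the claims, or None if the token is malformed, forged or expired.

    The algorithm is pinned here (never taken from the header), so alg=none and
    RS256/HS256 confusion tokens fail; the MAC comparison is constant-time;
    a numeric exp claim is mandatory."""
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s64)):
            return None
        claims = json.loads(b64url_decode(c64))
        now = time.time() if now is None else now
        if not isinstance(claims, dict) or not isinstance(claims.get("exp"), (int, float)):
            return None
        if now >= claims["exp"]:
            return None
        return claims
    except (ValueError, TypeError):
        return None


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, at: float, step: int = 30) -> str:
    """RFC 6238: HOTP with counter = unix time // step."""
    return hotp(seed, int(at) // step)


def verify_totp(seed: bytes, code: str, at: float, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps of clock skew, constant-time."""
    counter = int(at) // 30
    return any(hmac.compare_digest(hotp(seed, counter + d), code)
               for d in range(-window, window + 1) if counter + d >= 0)


if __name__ == "__main__":
    token = sign_jwt({"sub": "user-1", "exp": int(time.time()) + 900})
    print(verify_jwt(token))
    print(totp(TOTP_SEED, 59))  # RFC 6238 test vector at T=59: 287082
```

A real deployment also needs replay protection for TOTP (reject a code already accepted for that counter) and the rate limiting the list mentions, since a six-digit code with a skew window is brute-forceable without it.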
Data Protection
- No sale of personal data to third parties
- Minimal data collection — authentication and platform functionality only
- Data deletion available on request
- Aggregated, anonymized data for analytics only
- Integrity checksums on all serialized ML model artifacts
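The integrity check on serialized model artifacts, as an added example rather than the platform's code. Deserializing pickle or joblib files executes code, so the digest has to be verified on the raw bytes before anything is loaded. The manifest and artifact bytes are constructed in memory.

```python
"""Verify a serialized model artifact's SHA-256 against a manifest before loading it.

Added example, not the platform's code. Deserializing pickle/joblib files
executes code, so the digest check runs on the raw bytes before any
deserialization. The manifest and artifact bytes are constructed in memory."""
import hashlib
import hmac
import pickle


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts: dict) -> dict:
    """name -> hex digest, computed at publish time from the exact bytes shipped."""
    return {name: sha256_hex(blob) for name, blob in artifacts.items()}


def verify_artifact(name: str, blob: bytes, manifest: dict) -> bool:
    """True only if the manifest lists the artifact and its digest matches."""
    expected = manifest.get(name)
    if expected is None:
        return False  # unlisted artifact: refuse rather than trust it
    return hmac.compare_digest(sha256_hex(blob), expected)


def load_verified(name: str, blob: bytes, manifest: dict):
    """Deserialize only after the digest check passes; never pickle.loads unverified bytes."""
    if not verify_artifact(name, blob, manifest):
        raise ValueError(f"{name}: digest mismatch or missing manifest entry, refusing to load")
    return pickle.loads(blob)


# Constructed artifact: a toy scorer and a copy with one flipped bit.
MODEL = {"version": 3, "weights": [0.25, -0.5, 1.0]}
MODEL_BYTES = pickle.dumps(MODEL)
MANIFEST = build_manifest({"scorer.pkl": MODEL_BYTES})
TAMPERED_BYTES = MODEL_BYTES[:-1] + bytes([MODEL_BYTES[-1] ^ 0x01])

if __name__ == "__main__":
    print("genuine loads:", load_verified("scorer.pkl", MODEL_BYTES, MANIFEST))
    print("tampered verifies:", verify_artifact("scorer.pkl", TAMPERED_BYTES, MANIFEST))
```

A checksum stored next to the artifact only detects accidental corruption: anyone who can overwrite the model file can rewrite the manifest too, so the manifest should live in a separately controlled location or be signed.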
Pipeline Integrity
- Deterministic scoring — same inputs always produce same outputs
- Human oversight pipeline: all scores pass through staged → approved → published workflow before reaching users
- Circuit breakers halt the pipeline automatically on score drift >30%, ingestion failure >20%, or ML regression >50%
- Full governance audit log with event history
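The staged, approved, published workflow with the three circuit breakers and an audit log, as an added example of the controls above; it is not the platform's implementation. The page does not define how drift, ingestion failure or regression are measured, so the definitions here are assumptions: drift is the mean absolute relative change versus the last published scores, ingestion failure is failed divided by attempted rows, and regression is the relative drop in a validation metric versus the model behind the last published batch. The sample batches are constructed.

```python
"""Staged -> approved -> published workflow with circuit breakers and an audit log.

Added example of the controls described above; it is not the platform's
implementation. Assumed definitions: score drift is the mean absolute relative
change versus the last published scores, ingestion failure is failed/attempted
rows, and ML regression is the relative drop in a validation metric versus the
model behind the last published batch. The sample batches are constructed."""
from dataclasses import dataclass, field

DRIFT_LIMIT = 0.30        # page: score drift > 30%
INGEST_FAIL_LIMIT = 0.20  # page: ingestion failure > 20%
REGRESSION_LIMIT = 0.50   # page: ML regression > 50%


@dataclass
class Batch:
    scores: dict          # instrument id -> score
    rows_attempted: int
    rows_failed: int
    model_metric: float   # validation metric of the model that produced the scores


@dataclass
class Pipeline:
    published: dict = field(default_factory=dict)
    baseline_metric: float = 0.0
    state: str = "idle"   # idle -> staged -> approved -> published
    halted: bool = False
    pending: object = None
    audit_log: list = field(default_factory=list)

    def _log(self, event: str, **details) -> None:
        self.audit_log.append({"seq": len(self.audit_log) + 1, "event": event, **details})

    def check_breakers(self, b: Batch) -> list:
        """Names of the breakers a batch would trip (empty list: none)."""
        tripped = []
        common = [k for k in b.scores if self.published.get(k)]  # skip absent/zero baselines
        if common:
            drift = sum(abs(b.scores[k] - self.published[k]) / abs(self.published[k])
                        for k in common) / len(common)
            if drift > DRIFT_LIMIT:
                tripped.append("score_drift")
        if b.rows_attempted and b.rows_failed / b.rows_attempted > INGEST_FAIL_LIMIT:
            tripped.append("ingestion_failure")
        if self.baseline_metric and \
                (self.baseline_metric - b.model_metric) / self.baseline_metric > REGRESSION_LIMIT:
            tripped.append("ml_regression")
        return tripped

    def stage(self, b: Batch) -> bool:
        if self.halted:
            self._log("rejected", reason="pipeline halted")
            return False
        tripped = self.check_breakers(b)
        if tripped:
            self.halted = True  # stays halted until an operator resets it
            self._log("halted", breakers=tripped)
            return False
        self.pending, self.state = b, "staged"
        self._log("staged", instruments=len(b.scores))
        return True

    def approve(self, reviewer: str) -> bool:
        """Human gate: only a staged batch can be approved."""
        if self.state != "staged":
            return False
        self.state = "approved"
        self._log("approved", reviewer=reviewer)
        return True

    def publish(self) -> bool:
        """Scores reach users only from the approved state; publishing resets the baselines."""
        if self.state != "approved":
            return False
        self.published = dict(self.pending.scores)
        self.baseline_metric = self.pending.model_metric
        self.state = "published"
        self._log("published", instruments=len(self.published))
        return True

    def reset(self, operator: str) -> None:
        """Explicit operator action to clear a halt; recorded in the audit log."""
        self.halted = False
        self._log("reset", operator=operator)


if __name__ == "__main__":
    p = Pipeline()
    p.stage(Batch({"AAA": 10.0, "BBB": 20.0}, 100, 2, 0.80))
    p.approve("reviewer-1")
    p.publish()
    p.stage(Batch({"AAA": 11.0, "BBB": 21.0}, 100, 30, 0.30))  # trips ingestion + regression
    for entry in p.audit_log:
        print(entry)
```

The audit log here is an in-memory list; for the "full governance audit log" the page promises, the same entries would go to append-only storage that the pipeline's own credentials cannot rewrite.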
Compliance Posture
We follow industry best practices aligned with SOC 2 principles. Formal certification is on our roadmap.
- GDPR-aligned data handling — deletion requests honored, minimal collection
- Regular internal security reviews
- Dependency vulnerability scanning
Vulnerability Disclosure
If you discover a security vulnerability, please report it responsibly. We take all reports seriously.
- Email: security@margin-invest.com
- 48-hour acknowledgment SLA
- Please include reproduction steps, affected components, and potential impact
For general security questions, visit our support page.