Security & Data Protection

• Encryption in transit – all traffic forced to HTTPS / TLS 1.3.
• Secrets at rest – API keys stored in AES-256 GCP Secret Manager.
• Zero-custody model – we never hold client assets; orders are routed directly to the broker.
• 2-factor auth – admin dashboard and code deploys require FIDO U2F.
• Pen-test – scheduled with HackerOne at 1 000 paid users.

Questions? E-mail security@aurelianfortune.com.