Multi-Layered Protection
When you deposit funds with a broker, you are placing your trust — and your capital — in their hands. At QuantaraEX, we take this responsibility extremely seriously. Our security infrastructure is built on the principle of defence in depth: multiple independent layers of protection, so that even if one layer were breached, your funds and data remain safe behind the next.
From the moment you create your account to every trade you place and every withdrawal you make, your interaction with QuantaraEX is protected by bank-grade encryption, strict access controls, continuous monitoring, and industry-leading security practices.
This page provides a comprehensive overview of the measures we employ to safeguard your funds, your personal information, and the integrity of your trading experience.
Six Pillars of Security
Each pillar addresses a distinct dimension of security — from how we hold your money to how we protect your personal data.
Segregated Client Accounts
Your deposited funds are held in segregated bank accounts that are completely separate from QuantaraEX's operational capital. This ring-fencing ensures that your money is protected and available for withdrawal at all times, regardless of the company's financial position.
- Funds held at tier-one banking institutions
- Daily reconciliation of all client account balances
- Independent verification by external auditors
- No commingling with corporate operating funds
- Insolvency protection — client funds are not available to creditors
Bank-Grade Encryption
Every interaction between your browser and our servers is protected by 256-bit SSL/TLS encryption — the same standard used by the world's largest banks. This ensures that your personal data, financial information, and trading activity cannot be intercepted by unauthorized parties.
- 256-bit AES encryption for all data in transit
- TLS 1.3 protocol with Perfect Forward Secrecy
- HSTS (HTTP Strict Transport Security) enforced on all endpoints
- Encryption at rest for all stored sensitive data
- Regular certificate rotation and vulnerability scanning
Two-Factor Authentication (2FA)
QuantaraEX supports two-factor authentication to add an additional layer of security to your account. Even if your password were compromised, an attacker would still need access to your second authentication factor to log in.
- Time-based one-time passwords (TOTP) via authenticator apps
- SMS verification as a secondary option
- 2FA required for sensitive operations (withdrawals, password changes)
- Device trust management — review and revoke authorized sessions
- Brute-force protection with automatic account lockout after failed attempts
Cold Storage for Cryptocurrency
For clients who deposit cryptocurrency, the majority of digital assets are held in cold storage — offline hardware wallets that are not connected to the internet. This eliminates the risk of online hacking, unauthorized access, or exploitation of software vulnerabilities.
- Multi-signature cold wallets requiring multiple authorizations
- Only a small operational float is kept in hot wallets for immediate withdrawals
- Hardware Security Modules (HSMs) for private key management
- Geographic distribution of cold storage locations for disaster resilience
- Regular audits of on-chain holdings against internal records
Third-Party Security Audits
We do not rely solely on our own security assessment. QuantaraEX engages independent, specialized cybersecurity firms to conduct regular penetration testing, vulnerability assessments, and security audits of our entire infrastructure.
- Annual penetration testing by certified external security firms
- Continuous automated vulnerability scanning across all systems
- Web application security testing (OWASP Top 10 coverage)
- Infrastructure security review including server, network, and database configurations
- Findings are remediated on a risk-prioritized schedule with executive oversight
Data Protection (GDPR Compliance)
QuantaraEX processes personal data in full compliance with the General Data Protection Regulation (GDPR) and equivalent international frameworks. We collect only the data we need, store it securely, and never sell it to third parties.
- Data minimization — we collect only what is necessary for regulatory compliance and service delivery
- Right to access, rectify, and erase personal data upon request
- Data Protection Impact Assessments (DPIAs) for new processing activities
- Appointed Data Protection Officer (DPO) overseeing compliance
- Data processing agreements with all third-party service providers
Infrastructure Security
Beyond the application layer, our physical and network infrastructure is hardened against threats ranging from DDoS attacks to natural disasters.
DDoS Protection
Our infrastructure is protected against Distributed Denial of Service (DDoS) attacks by enterprise-grade mitigation services. Traffic filtering, rate limiting, and geo-distributed content delivery ensure that our platform remains accessible even during large-scale attack attempts. Multiple layers of protection — from edge network filtering to application-level rate limiting — work together to absorb and deflect malicious traffic without impacting legitimate users.
Network Segmentation
Our network architecture uses strict segmentation to isolate different system components. The trading engine, database servers, client-facing web servers, and administrative systems each operate in their own network segment with dedicated firewall rules. This means that even if one component were compromised, the attacker would face additional barriers to reach other systems. Internal communication between segments uses encrypted channels and is monitored in real time.
Intrusion Detection & Monitoring
Our Security Operations Centre (SOC) monitors all systems around the clock using a combination of intrusion detection systems (IDS), security information and event management (SIEM) tools, and automated anomaly detection. Suspicious activity triggers immediate alerts, and our incident response team follows predefined playbooks to investigate, contain, and remediate threats in real time. Every security event is logged, reviewed, and analyzed to continuously improve our detection capabilities.
Business Continuity Planning
QuantaraEX maintains a comprehensive Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) to ensure service availability even in the event of catastrophic incidents. Our infrastructure runs across multiple data centres with automatic failover, ensuring that a hardware failure or data centre outage does not disrupt trading. Database backups are performed continuously with point-in-time recovery capability, and disaster recovery tests are conducted regularly to validate our recovery procedures.
Security at a Glance
A quick reference of the security technologies and practices that protect your QuantaraEX account.
| Security Measure | Standard | Status |
|---|---|---|
| SSL/TLS Encryption | 256-bit AES, TLS 1.3 | Active |
| Two-Factor Authentication | TOTP / SMS | Available |
| Client Fund Segregation | Tier-one banks | Enforced |
| Negative Balance Protection | All retail accounts | Active |
| Cold Storage (Crypto) | Multi-sig hardware wallets | Active |
| DDoS Protection | Enterprise-grade mitigation | Active |
| Penetration Testing | Annual + continuous scanning | Current |
| GDPR Compliance | Full compliance | Certified |
| Data Encryption at Rest | AES-256 | Active |
| Business Continuity Plan | Multi-DC failover | Tested |
| Intrusion Detection | 24/7 SOC monitoring | Active |
| Password Hashing | bcrypt with salt | Enforced |
Protecting Your Account
Security is a shared responsibility. While we protect the infrastructure, there are important steps you can take to further safeguard your account.
Use a strong, unique password
Your trading account password should be at least 12 characters long, combining uppercase and lowercase letters, numbers, and special characters. Never reuse a password from another website or service.
Enable two-factor authentication
Activate 2FA on your QuantaraEX account immediately after registration. We recommend using an authenticator app (such as Google Authenticator or Authy) rather than SMS for the strongest protection.
Verify your email and phone
Ensure your registered email address and phone number are current and accessible. These are used for security notifications, password recovery, and withdrawal confirmations.
Review active sessions regularly
Periodically check your account's active sessions and revoke any that you do not recognize. If you see a login from an unfamiliar location or device, change your password immediately.
Beware of phishing attempts
QuantaraEX will never ask for your password via email, phone, or chat. Always verify that you are on the official QuantaraEX website before entering your credentials. Check the URL carefully and look for the padlock icon in your browser.
Keep your devices secure
Ensure your computer and mobile devices have up-to-date operating systems, antivirus software, and security patches. Avoid trading from public Wi-Fi networks or shared computers.
Use a dedicated email for trading
Consider using a separate email address for your trading accounts — one that is not publicly associated with your social media or other online services. This reduces the risk of targeted phishing attacks.
Set up withdrawal notifications
Enable notifications for all withdrawal requests so you are immediately alerted if someone attempts to withdraw funds from your account. Any unexpected withdrawal notification should be treated as a security incident.
Report a Security Concern
If you believe your account has been compromised, if you have identified a security vulnerability in our platform, or if you have received a suspicious communication claiming to be from QuantaraEX, please contact our security team immediately.
We take all security reports seriously and will investigate promptly. If you are a security researcher, we welcome responsible disclosure and will work with you to address any confirmed vulnerabilities.