Security

How ALG7 protects your data, infrastructure, and operations.

Data Sovereignty

ALG7 is a self-hosted platform. Your data never leaves your infrastructure. All processing, storage, and decision-making happens on machines you own and control. There are no cloud dependencies, no shared tenancy, and no external data pipelines.

Encryption

• At rest: All sensitive configuration, credentials, and stored data are encrypted using industry-standard algorithms on your local storage.
• In transit: All internal and external communications use TLS encryption. API endpoints enforce HTTPS.

No Third-Party Data Sharing

ALG7 does not transmit your trading data, strategies, portfolio information, or any operational data to third parties. Your alpha stays yours.

API Key Management

Exchange API keys and service credentials are stored securely within your deployment environment. Keys are never logged, never transmitted externally, and are accessible only to the components that require them. We recommend using read-only keys where possible and restricting IP allowlists at the exchange level.

Audit Logging

ALG7 maintains comprehensive audit logs of all system actions, configuration changes, and operational events. Logs are stored locally within your infrastructure, giving you full visibility and control over your operational history.

Responsible Disclosure

If you discover a security vulnerability in ALG7, we encourage responsible disclosure. Please report any findings to contact@alg7.io with the subject line "Security Disclosure." We take all reports seriously and will respond promptly.

We ask that you:

• Provide sufficient detail to reproduce the issue
• Allow reasonable time for a fix before public disclosure
• Do not exploit the vulnerability beyond what is necessary for demonstration