Security

Enterprise Security from Day One

Your financial data deserves the highest level of protection. Futura is SOC 2 Type II compliant with enterprise-grade security built into every layer.

SOC 2 Type II
AWS Security
256-bit Encryption
7-Year Audit Trails
99.9% Uptime SLA
Compliance

SOC 2 Type II Certified

We've built our platform from the ground up with SOC 2 compliance in mind. Our Type II certification validates that our security controls have been tested and proven effective over time.

  • Security

    Protection against unauthorized access through AWS WAF, GuardDuty, and multi-layer authentication.

  • Availability

    99.9% uptime SLA with multi-AZ deployments and automatic failover.

  • Processing Integrity

    All trades are logged, validated, and reconciled. Complete audit trail for every action.

  • Confidentiality

    Your data is encrypted at rest and in transit. We never sell or share your information.

  • Privacy

    GDPR and CCPA compliant. You control your data and can request deletion at any time.

Trust Service Criteria

Security

CC6.1 - CC6.8

Availability

A1.1 - A1.2

Processing

PI1.1 - PI1.5

Confidentiality

C1.1 - C1.2

SOC 2 reports available upon request for Enterprise customers.

Infrastructure

AWS Security Stack

Built on AWS with enterprise-grade security services protecting every layer of the platform.

AWS WAF

Web Application Firewall with 6 managed rule sets protecting against OWASP Top 10 vulnerabilities, SQL injection, XSS, and bot attacks.

AWS GuardDuty

ML-powered threat detection continuously monitors for malicious activity, unauthorized access, and compromised credentials.

Security Hub

Centralized security dashboard with CIS and AWS Foundational Security benchmarks. Automated compliance checks and findings aggregation.

CloudTrail

Complete audit logging of all API calls. 7-year retention with log file validation and tamper detection.

AWS Config

Continuous compliance monitoring with 6 SOC 2 compliance rules. Automatic detection of configuration drift.

Secrets Manager

Automatic rotation of database credentials and API keys every 30 days. No secrets stored in code or environment variables.

Defense in Depth Security Architecture
Protection

Your Data is Sacred

We treat your financial data with the highest level of care. Multiple layers of encryption, strict access controls, and complete audit trails ensure your information is always protected.

  • Encryption Everywhere

    AES-256 encryption at rest, TLS 1.3 in transit. Keys managed by AWS KMS with 90-day rotation.

  • No Third-Party Sharing

    We never sell, rent, or share your data with third parties. Your strategies are yours alone.

  • Right to Deletion

    Request complete deletion of your data at any time. GDPR and CCPA compliant.

Your Money is Safe

Futura never holds your funds. Your money stays in your brokerage account (Alpaca or Interactive Brokers), which are regulated by FINRA and protected by SIPC up to $500,000.

We only receive authorization to execute trades on your behalf through secure OAuth connections. We cannot withdraw funds from your account.

Practices

Security Practices

Vulnerability Management

  • Dependency scanning on every build
  • Container scanning before deployment
  • Weekly DAST scans
  • Annual penetration testing

Access Control

  • MFA required for all employees
  • Principle of least privilege
  • Background checks for engineers
  • Quarterly access reviews

Incident Response

  • 24/7 security monitoring
  • Documented response procedures
  • Customer notification policy
  • Regular incident drills

Questions About Security?

Our security team is available to answer any questions. Enterprise customers can request our SOC 2 Type II report.

Contact Security Team Request SOC 2 Report