Security

What protects the keys.

Operator capital lives at the venue, not at inite.fund — but the venue keys, the approval queue, and the audit log do live here. This page enumerates the controls.

  1. Venue keys at rest

    Stored in a per-user encrypted vault. Plaintext is held only in memory at trade time and never written to disk. A database dump without the live decryption secret yields no usable keys.

  2. Per-strategy ownership

    Every strategy belongs to one named user and acts only through that user's venue keys. There is no shared trading user and no platform-level executor. One user cannot reach another user's venue.

  3. Append-only audit

    Every state-changing event — capital flow, approval, mode change, kill-switch flip, fill — lands in a hash-chained ledger that detects silent rewrites.

  4. Role-based access

    Three tiers: viewer (read-only), operator (set mode, approve trades, manage allocation), admin (invite, credit cash, list users). API tokens inherit the caller's tier; a viewer token cannot place a trade.

  5. Kill switch

    Operator-tier action that halts the engine on the next tick. State is preserved; positions are not closed automatically — the operator decides whether to flatten or hold. Reset requires admin sign-off.

  6. Network boundary

    The trading engine has no public port. Web traffic terminates at a TLS-fronted gateway; venue traffic flows out through the strategy owner's keys only.

  7. Reporting an issue

    security@inite.fund (or hello@inite.fund) with reproduction steps. Acknowledged within one business day. Good-faith disclosure is welcomed.

Plain-language summary of current controls. Architecture changes; the live posture is whatever the running infrastructure enforces, not whatever this page describes.
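
How a hash-chained ledger like the one described under "Append-only audit" detects a rewritten row, as an added example that is not inite.fund's implementation. SHA-256, canonical JSON, the field names, the all-zero genesis value and the externally stored head hash are assumptions made for illustration; the sample events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous-hash value for the first entry

def _digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(ledger, event):
    """Append an event, binding it to the hash of the entry before it."""
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    entry = {"prev": prev_hash, "event": event, "hash": _digest(prev_hash, event)}
    ledger.append(entry)
    return entry

def verify(ledger, expected_head=None):
    """Return the index of the first bad entry, or None if the chain is intact."""
    # expected_head is the last hash as recorded somewhere the ledger writer
    # cannot modify; without it, truncation or a full recompute goes unnoticed.
    prev_hash = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev_hash or entry["hash"] != _digest(prev_hash, entry["event"]):
            return i
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(ledger)  # self-consistent chain that does not match the anchor
    return None

def build_sample():
    # Constructed events, named after the event types the page lists.
    ledger = []
    for event in [
        {"type": "capital_flow", "user": "alice", "amount": "1000.00"},
        {"type": "approval", "user": "alice", "trade_id": "t-1"},
        {"type": "kill_switch", "user": "alice", "state": "on"},
        {"type": "fill", "user": "alice", "trade_id": "t-1", "qty": "2"},
    ]:
        append(ledger, event)
    return ledger

if __name__ == "__main__":
    ledger = build_sample()
    head = ledger[-1]["hash"]
    print("intact:", verify(ledger, head))
    ledger[1]["event"]["trade_id"] = "t-9"  # silent rewrite of a stored row
    print("first bad entry:", verify(ledger, head))
```

An in-place edit breaks the chain at the edited row; a rewrite that recomputes every later hash, or a truncation, is only caught by comparing against the separately stored head.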