The questions compliance teams ask before they roll out Vigatra. Don't see yours? Ask us directly.
Yes. Exchange connections use read-only API keys — we signature-test every key for read-only scope before we store it, and reject any key with trade or withdrawal permissions. For blockchains we only use the public wallet address. Vigatra cannot trade, withdraw, or move any asset. Ever.
No. Employees generate a read-only API key inside their own exchange account and paste only that key — never their login or password. For wallets, only the public address is needed. We never receive exchange credentials or seed phrases.
Stored credentials are encrypted with AES-256-GCM before they touch the database. All traffic is encrypted in transit over HTTPS. Access is role-based (admin / compliance / viewer), and every action in the platform is written to an immutable audit log.
SOC 2 Type II is in progress. Today the platform is built to SOC 2-aligned controls — encryption, least-privilege access, audit logging, and read-only architecture — and we're GDPR/DPA-ready for enterprise customers.
You add an employee and send them a secure onboarding link. They connect their exchanges (read-only keys) and paste their wallet addresses — usually in a few minutes. No software to install.
Balances, transactions and prediction-market positions sync continuously in near-real-time, with priority sync for enterprise plans. Anomalies surface as alerts with a full audit trail.
Your choice. Use the hosted Vigatra dashboard (no engineering), the REST API + webhooks to pipe everything into your own data warehouse or compliance stack, or both on the same subscription.
Large balance swings, outsized or oddly timed new positions, unknown-counterparty deposits, cross-platform transfers, and outsized prediction-market exposure. Enterprise customers can define custom alert rules and surveillance logic.
Yes, when employees consent to monitoring as part of their employment or contractor terms — which is standard for personal-account-dealing policies. Your firm is the Data Controller; Vigatra acts as the Data Processor under a DPA. You're responsible for notifying employees as required by local employment and privacy law; we give you the tooling and the records.
Regulators increasingly expect documented, continuous surveillance of personal trading — not just quarterly attestations. Vigatra gives you the continuous data, the alerts, and the audit trail to evidence that your controls actually operate.
Visibility is governed by your configuration and your firm's policy. Because you are the Data Controller, employee data-subject requests flow through your compliance team, and Vigatra supports you in fulfilling them.
We cover 651+ integrations today — 28 exchanges, 27 blockchains, 3 prediction markets, and 593 wallets. If you need one we don't show yet, we add new providers on roughly a one-week turnaround for customers, with no code changes on your side.
Yes — Polymarket, Kalshi and Manifold, natively. It's the category virtually no other compliance vendor monitors, and it's where a lot of new event-based insider risk now lives.
Pricing is custom and scales with the number of employees you monitor. See plans or request a quote tailored to your firm.
A day, not a quarter — there's no integration build. Most firms run a 30-day pilot on a handful of employees first, with white-glove onboarding for the first connections.