We treat it that way. Read-only by default. Encrypted at rest. Auditable on every access. Designed so that even a full database breach yields nothing usable.
Every onboarding flow walks the employee through generating an API key with read-only scope only. Trade, transfer, and withdraw permissions are explicitly disabled and (where supported) we test the key's effective scope before storing it. If your employee accidentally grants trade permission, we reject the key and prompt them to regenerate.
Exchange API secrets are encrypted with AES-256-GCM before they touch the database. The authentication tag built into GCM mode catches any post-write tampering. A full database breach yields encrypted ciphertext only — the keys live in environment-isolated secret storage, not the same vault as the data.
Every authenticated request your compliance team makes is logged: user_id, action, resource_type, resource_id, ip_address, timestamp. When a regulator audits you, hand over /api/v1/audit as a CSV and you're done. No one quietly browses employee financials.
Three default roles — Admin, Compliance, Viewer — with granular permissions per resource (employees, balances, transactions, predictions, alerts, audit). The CEO sees everything. The compliance officer sees flagged activity. HR sees nothing. Custom roles available on Enterprise.
TLS termination at the reverse proxy (nginx / Caddy / Cloudflare). Certificate auto-renewal via Let's Encrypt. HSTS headers prevent protocol downgrade. We refuse to accept real API keys over plain HTTP — the onboarding page blocks itself on non-TLS origins.
JWT access tokens expire in 24 hours. API keys can be rotated or revoked instantly from the dashboard with no client-side migration. Stale tokens are denied at the edge, not the database.
Vigatra pulls from exchanges and chains on our infrastructure. We never accept inbound webhooks from third-party venues, so there's no exploit surface where a malicious caller could feed false balance data into your dashboard.
If an employee revokes their key or their connection breaks, the dashboard surfaces it as a red badge within one polling cycle. Compliance teams can require re-onboarding before status returns to active. No silent data loss.
The infrastructure providers Vigatra uses to deliver the service. We don't share customer data with anyone outside this list, and we add to it only when necessary.
Vigatra runs on a small, vetted set of industry-standard infrastructure providers — enterprise cloud hosting plus established blockchain-data and pricing services. We add to the list only when necessary, and the complete, current sub-processor list is provided to customers under our Data Processing Agreement (DPA).
Customer data is never shared with these providers — only the queries needed to fetch on-chain or exchange data. Wallet addresses are queried; employee identity is not transmitted.
On-prem deployment, air-gapped environments, custom encryption keys — we've handled it. Talk to us.
Talk to Security →