Security at Alpaca
Here at Alpaca, we take security seriously. We have implemented industry best practices to ensure your data remains secure on our platform.
Compliance
Alpaca adheres to the ISO 27001:2013 standard and undergoes annual SOC 2 Type 2 assessments against all 5 trust services criteria, Security, Confidentiality, Availability, Integrity, and Privacy.
Further, Alpaca complies with GDPR and UK’s ICO Data Protection programs to ensure the privacy and security of all personal data collected and/or stored.
Achieving the SOC 2 Type 2 attestation and being independently verified, assures that Alpaca has an effective Security and Privacy program.
Infrastructure
Alpaca’s infrastructure is built on top of Google Cloud Platform which is built on a secure-by-design foundation and has attained several security and privacy certifications and attestations including ISO 27001, SOC 1, SOC 2, PCI DSS, and is compliant with GDPR.
For more information, click here to access Google’s Trust Center.
We have established a robust multi-layered network ecosystem utilizing Google's infrastructure to ensure the constant availability and protection of our applications and data. The access to our infrastructure and data is regularly reviewed to ensure only authorized personnel gain access. Along with rigorous security measures, we maintain the availability of the data we gather by performing comprehensive daily backups that are stored offsite, and these backups are tested daily to ensure their integrity.
Alpaca operates under a Zero Trust architecture, a security model that emphasizes the importance of verifying every access attempt to our network, applications, and data, regardless of the user's location or affiliation.
Access to our infrastructure requires strong credentials and two-factor authentication.
Data Handling and Encryption
Alpaca takes the handling of confidential data very seriously, implementing a series of robust measures to ensure its protection and maintain the trust of our clients and stakeholders. These measures include:
- Confidential data is encrypted both at rest and in transit, using advanced encryption algorithms and protocols including AES-256 in storage and TLS in transit
- We classify data based on its sensitivity, with confidential data receiving the highest level of protection
- We employ stringent access control policies to ensure that only authorized personnel have access to confidential data based on their roles and responsibilities
- Our staff receives training and reminders on handling confidential data to help foster a security-conscious culture within the organization
Vulnerability Disclosure and Bug Bounty Program
We actively cooperate with global security researchers to detect and address security weaknesses within our platform. If you suspect that you've discovered a security flaw, please submit a request to our support team at support@alpaca.markets to be invited to our bug bounty program where you may be rewarded if we confirm the issue to be valid and aligns with our bug bounty policy. If you would like to encrypt your email back to us please use the public key found below.
Click here for further information on Alpaca’s Security program.
Download Public Encryption Key