Summary of Si14 QI security practices and customer responsibilities. This Security Statement summarizes the security practices used to protect Si14 QI services and customer information. It is informational and does not create a separate warranty or service-level commitment unless included in a signed agreement.
1. Security governance
Si14 QI uses internal policies, role-based responsibilities and operational controls designed to protect confidentiality, integrity and availability. Security practices are reviewed as the product, infrastructure and threat environment evolve.
2. Access controls
-
access to production systems is limited to authorized personnel based on business need;
-
authentication controls and account permission structures are used for user and administrator access;
-
customer workspaces are logically separated through application-level controls;
-
API keys and tokens must be protected by customers and may be rotated or revoked if compromised.
3. Data protection
We use technical measures such as encryption in transit where appropriate, provider-level infrastructure protections, backups, logging and permission controls. Sensitive operational data is restricted to personnel and service providers with a legitimate need.
4. Monitoring and incident response
We monitor systems for operational health, abuse, errors, suspicious activity and service reliability. Potential incidents are assessed, contained, investigated and remediated according to severity. Customers will be notified where required by law or contract.
5. Infrastructure and providers
Si14 QI may use reputable cloud, hosting, analytics, communications, payment, security and support providers. Provider controls, locations and availability may change over time as the service evolves.
6. Backups and continuity
Backup, recovery and continuity practices are designed to reduce data loss and support service restoration. No backup or continuity process can guarantee uninterrupted service or recovery of every user action.
7. Customer responsibilities
-
use strong passwords and enable available multi-factor authentication;
-
protect API keys, tokens, exported reports and account credentials;
-
limit workspace access to authorized users and remove users promptly when access is no longer needed;
-
do not upload unnecessary sensitive data, private keys, trading credentials or regulated personal data;
-
review exports before sharing and preserve disclaimers, timestamps and risk warnings.
8. Vulnerability reporting
Report suspected vulnerabilities, unauthorized access or security concerns to support@si14.ai. Do not perform intrusive testing, scanning, exploitation or denial-of-service activity without prior written authorization.
9. Limitations
No technology service can guarantee absolute security. Security controls reduce risk but cannot eliminate all threats, human errors, provider failures, zero-day vulnerabilities or customer-side compromise.