Security is the product, not a feature.
Your strategies and data are yours. Here’s how we protect them at every layer.
Encryption everywhere
Data is encrypted in transit with TLS 1.3 and at rest with AES-256. Secrets never touch logs.
Access control
Least-privilege access, short-lived credentials, and audited entry to production systems.
We never hold your funds
Helicon is research and alerting only. We don’t take custody of assets or execute trades on your behalf.
Continuous monitoring
Anomaly detection, dependency scanning, and alerting run around the clock across our stack.
Data minimisation
We collect only what the product needs, and give you tools to export or delete your data.
Secure by default
Security reviews are part of every release. Changes ship through audited, automated pipelines.
Responsible disclosure
If you’ve found a vulnerability, we want to hear from you. Report it privately and we’ll acknowledge within 48 hours and keep you posted through to a fix.
[email protected]Please don’t publicly disclose an issue until we’ve had a chance to address it. We don’t currently run a paid bounty, but we credit every reporter who asks.