Our website traffic runs entirely over encrypted SSL (https). Neither Iterative Instinct nor FluxTrade.co ("Flux Trade") store any outside customer funds, and neither do they store hot or cold wallets, nor private keys. Flux Trade does store API keys associated with exchange accounts. We use two factor authentication to protect user passwords on all i2 sites.
Iterative Instinct encrypts all its servers and local hard drives, utilizes strong passwords, and enables screen locking for staff machines. We use SQL injection filters and verify the authenticity of POST, PUT, and DELETE requests to prevent CSRF attacks. Flux Trade rate limits a variety of calls on the site including, but not limited to, login attempts. We whitelist attributes on all models to prevent mass-assignment vulnerabilities.