Access Control
Role-based access control (RBAC) is enforced across all tenant environments. Operator staff, support roles, and admin accounts carry scoped permissions. Session logging and device activity tracking are built into the platform. MFA enforcement is available and recommended for all operator accounts.
Credential Security
Provider API keys, broker credentials, and integration secrets are stored using encrypted secret management. No credentials are stored in plain text. Client-side applications never receive raw credentials. All secrets follow scoped-permission and key-rotation practices with a documented standard operating procedure (SOP).
Tenant Isolation
Each tenant operates in a logically isolated environment. Brand assets, trader records, account configurations, rule sets, and audit logs are segregated at the tenant level. Cross-tenant data access is not possible by design. Tenant-specific audit logs are available to operator administrators.
API and Webhook Safety
All inbound webhooks use signed payloads with signature verification. API endpoints are rate-limited per tenant and per credential. Idempotency keys prevent duplicate processing. All inbound requests are logged with timestamps, source identifiers, and response codes for full traceability.
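The controls named above (signed payloads, signature verification, idempotency keys, per-request logging) sketched as a minimal webhook receiver. This is an added illustration, not VaultCore's code; the HMAC-SHA256 over "timestamp.body" scheme, the header names, the 300-second freshness window and the sample secret are assumptions chosen for the example.

```python
import hmac
import hashlib

SECRET = b"constructed-shared-secret"  # constructed per-integration secret (assumption)
MAX_SKEW = 300                          # seconds a signed timestamp stays acceptable (assumption)


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over '<timestamp>.<body>' (assumed scheme).

    Binding the timestamp into the MAC means an old body cannot be re-sent
    with a fresh timestamp, and an old timestamp is rejected by the skew check."""
    return hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()


def verify(secret: bytes, headers: dict, body: bytes, now: int) -> bool:
    """Reject missing/malformed/stale timestamps, then compare MACs in constant time."""
    try:
        ts = int(headers["X-Timestamp"])
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW:
        return False
    return hmac.compare_digest(sign(secret, ts, body), headers.get("X-Signature", ""))


class WebhookReceiver:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen = {}        # idempotency key -> status returned the first time
        self.processed = 0    # events that actually reached business logic
        self.log = []         # (timestamp, source id, idempotency key, status) per request

    def handle(self, headers: dict, body: bytes, now: int) -> int:
        key = headers.get("Idempotency-Key")
        source = headers.get("X-Source-Id", "unknown")
        if not verify(self.secret, headers, body, now):
            status = 401                  # bad or stale signature: never touch the payload
        elif not key:
            status = 400                  # unsigned-by-key requests cannot be de-duplicated
        elif key in self.seen:
            status = self.seen[key]       # replay: answer as before, do no work again
        else:
            self.processed += 1           # process the event exactly once
            status = self.seen[key] = 200
        self.log.append((now, source, key, status))   # timestamp, source, outcome
        return status
```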
Operational Security
Production and development environments are fully separated. VaultCore maintains an incident response plan covering detection, containment, notification, and post-mortem. Responsible disclosure is accepted at [email protected]. See our Security Disclosure Policy for researcher guidelines and the 90-day coordinated disclosure timeline.
Data Retention and Deletion
VaultCore maintains documented data retention schedules by data category. Tenant operators may request data export or deletion for their environment in accordance with the platform's data handling policies. Personal data is not retained beyond operational necessity. See our Privacy Policy for full detail.
Broker and provider credentials stored within VaultCore environments are managed using encrypted secret storage and are never exposed to client-side applications or logged in plaintext.