Security
LiveArt handles sensitive market data and proprietary client information for institutional customers. Security is not an add-on — it is embedded in every layer of the platform, from infrastructure to API design to operational practices.
Enterprise clients can request access to our security documentation, architecture diagrams, and completed security questionnaires. Our AI methodology is published. Contact security@liveart.ai.
Infrastructure
Cloud-Hosted Infrastructure
LiveArt runs on modern cloud infrastructure with managed services, leveraging decades of security engineering from leading cloud providers. Infrastructure is provisioned, monitored, and patched continuously.
Encryption at Rest
All data at rest is encrypted using AES-256, the industry standard used by financial institutions and government agencies. Database encryption uses managed keys with automated rotation.
Encryption in Transit
All API communications are encrypted via TLS 1.2 or higher. Connections using older protocols are rejected. Every request between client and server is encrypted end-to-end.
Automated Backups
Continuous automated backups with point-in-time recovery. Backup data is encrypted at rest and stored in a separate geographic region from the primary infrastructure.
Network Security
Network segmentation isolates production systems from development and staging environments. Firewall rules follow least-privilege principles. All inbound traffic is filtered and rate-limited.
High Availability
Multi-zone deployment with automatic failover. Published SLA of 99.5% monthly uptime for Enterprise clients. Scheduled maintenance windows communicated 48 hours in advance.
Access Control
API Key Authentication
Every API request is authenticated via Bearer token. Tokens are scoped to individual credentials and can be rotated at any time. Unauthenticated requests are rejected.
OAuth 2.0
User-scoped access via OAuth 2.0 for applications that act on behalf of individual users. Standard authorization code flow with PKCE support.
SSO / SAML
Enterprise clients can integrate LiveArt with their identity provider via SAML 2.0 single sign-on. Centralized user management, automated provisioning and deprovisioning.
Role-Based Access Control
Granular permissions scoped by role. API credentials can be restricted to specific endpoints and operations. Administrators control what each team member or application can access.
IP Allowlisting
Enterprise accounts can restrict API access to a defined set of IP addresses. Requests from non-allowlisted IPs are rejected before they reach the application layer.
Multi-Factor Authentication
MFA available for all platform accounts. Required for administrative access. Supports standard TOTP authenticator apps.
Operations
Continuous Monitoring
Infrastructure and application health monitored continuously with automated alerting. Anomaly detection on API usage patterns identifies unusual activity before it becomes a problem. Uptime and latency metrics tracked and available to Enterprise clients.
Request Logging & Attribution
Every API request is logged and attributed to the requesting credential. Logs include timestamp, endpoint, response status, and client metadata. Enterprise clients can request access to their own usage logs for compliance and audit purposes.
Incident Response
Defined incident response procedures with severity classification, escalation paths, and communication protocols. Critical issues receive a 4-hour response within business hours. Post-incident reviews conducted for all severity-1 events.
Security Practices
Regular security assessments, code review practices, and dependency scanning as part of the development lifecycle. Responsible disclosure welcomed at security@liveart.ai.
Data Governance
No Resale of Customer Data
Customer application data, usage patterns, and client information are never sold, shared, or used to benefit other customers. Your data is yours.
Data Isolation
Enterprise accounts operate in logically isolated environments. Customer-submitted data (portfolios, watchlists, client information) is segregated from other accounts at the application and database level.
Retention & Deletion
Clear data retention policies. Customer data is retained only for the duration of the subscription. Upon termination, customer-submitted data is deleted within 30 days, with written confirmation available on request.
GDPR Compliance
LiveArt complies with the EU General Data Protection Regulation. Data processing agreements are available for Enterprise clients. Data subject access and deletion requests are honored within statutory timeframes.
IP Protection
Published Terms of Service with clear intellectual property protections. Tiered enforcement for unauthorized access, redistribution, and ML training use. Anti-scraping monitoring on all API endpoints.
Audit Support
Enterprise clients can request usage reports, access logs, and security documentation for their own compliance and audit requirements. Quarterly business reviews include security posture discussion.
Compliance
LiveArt's security practices are designed to align with SOC 2 Type II and ISO 27001 standards. Our infrastructure, access controls, monitoring, and data governance practices follow the control frameworks defined by these standards. Formal certification is on our roadmap as we scale our enterprise client base.
SOC 2 Type II: Aligned
Security, availability, and confidentiality controls designed to meet AICPA Trust Service Criteria. Formal attestation on roadmap.
ISO 27001: Aligned
Information security management practices follow ISO 27001 control objectives. Formal certification on roadmap.
Enterprise clients evaluating LiveArt for procurement can request our security questionnaire, architecture documentation, and a call with our engineering team. Contact security@liveart.ai.
AES-256 (Encryption at Rest): Industry standard. All data encrypted.
TLS 1.2+ (Encryption in Transit): Every API call encrypted end-to-end.
SSO (SAML 2.0): Enterprise identity provider integration.
RBAC (Access Control): Granular permissions per role and credential.
99.5% (Uptime SLA): Published, measurable commitment.
4 hrs (Critical Response): Within business hours.
GDPR (Compliant): DPA available for Enterprise.
24/7 (Monitoring): Continuous. Automated alerts.
Our engineering team is available to discuss security architecture, compliance requirements, and enterprise deployment options.