Security
Security and IP handling
Olaaia engagements are designed for clients who care about IP ownership, data security and clean handover. The short version is below.
Last updated: May 24, 2026 · v1.0
Code ownership
Your repo on a private GitHub from day one. Full transfer to your account on final payment. No code lockup, no licensing fees, no escrow tricks.
Credentials
I never request exchange or broker API keys with withdrawal permissions. Read-only or trading-only keys only. Withdrawal keys stay with you. Where TOTP / Yubikey is supported, it is enabled.
NDAs
Mutual NDA standard before any code or proprietary strategy is shared. Template available on request, or sign yours.
Data
I don't store client trading data on my infrastructure beyond the engagement window. Live trading logs are retained only on the broker / exchange and on infrastructure the client controls. Internal logs are deleted within 30 days of handover unless otherwise agreed.
Professional liability
Professional liability cover is available on request for engagements above $10,000. The certificate is shared before kick-off.
Compliance posture
Olaaia provides software engineering services only. Olaaia is not registered with any securities regulator in any jurisdiction, does not custody client funds, does not provide investment advice, and does not trade client accounts. See the full risk disclosure.
Source-code review
On request I host a screen-share walk-through of the source before final payment so an in-house engineer or third-party auditor can sign off.
Vulnerability disclosure
Report security issues to security@olaaia.com. Coordinated disclosure window: 90 days. Public credit on the changelog page if requested.
Infrastructure
This site is hosted on Vercel (Edge regions GRU and IAD). HTTP responses ship X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and a Permissions-Policy that disables camera, microphone, and geolocation. HSTS is delivered by the Vercel edge.