Data Security & Privacy Policy

The Marseille One client never uploads or stores your API Secret on any of our servers. Exchange credentials are encrypted on first entry using a key derived from your HWID and held exclusively in local storage on the host machine.

We have no infrastructure capable of reading, transmitting, or backing up these secrets. Even with full administrative access to our platform, our team cannot retrieve them.

The only personal data transmitted to our license server is your machine’s HWID — a one-way cryptographic hash derived from CPU, motherboard, and disk identifiers. It is used solely for license verification and HWID-slot enforcement.

We additionally retain the email address provided at purchase for license delivery and critical security advisories. You may request its deletion at any time once your license has expired.

All trading instructions originate on the local client and are sent directly to the exchange over TLS 1.3 encrypted channels, with certificate pinning enforced. Order flow does not transit any Marseille Quant Lab infrastructure at any point.

License heartbeat traffic, when present, is limited to a signed HWID payload over TLS 1.3 and contains no trading data, balances, or positions.