Platform Platform overview Modules Solutions Industries Commodities Roles Quant More Pricing Customers Knowledge Center Blog Company Request Demo
Security & trust

Security is architecture, not a bolt-on

A trading platform holds a firm’s positions, prices, and counterparties, among its most sensitive data. Gravitas is built so that authentication, authorization, encryption, and a complete audit trail are properties of the platform, not features added later.

The control plane

Governed by construction

Every material change, to trades, reference data, and configuration, passes through a governed control plane that validates, versions, and records it. That is what makes the platform auditable and reproducible as-of any point in time.

Reports & dashboards Workflows & approvals Commodities, books & instruments Governed platform core configured, not coded

New commodities, workflows, and reports are configuration on top of a governed core, change stays fast and low-risk.

Access

Authentication & authorization

Authentication

Who you are

  • Token-based, OAuth-style authentication for every API call
  • Short-lived, signed access tokens, limited blast radius if leaked
  • Support for enterprise identity (SSO) in managed and private deployments
Authorization

What you may do

  • Role-based access scoped to modules, books, and actions
  • Least-privilege by default, users and integrations get only what they need
  • The same governance enforced in the UI and the API
Data protection

Encryption & data handling

  • Encryption in transit (TLS) for all traffic
  • Encryption at rest for stored data
  • Data residency options, keep data in your chosen jurisdiction via private-cloud or on-premises deployment
  • Versioned reference and market data, so historical valuations reproduce exactly as-of a date
Auditability

A complete, queryable audit trail

Because every change flows through the control plane, Gravitas produces a complete audit trail by construction, every material action is attributable to a user and reproducible as-of any point in time. This is the foundation for regulatory reporting and internal governance alike.

Deployment

Deploy where your data must live

The same platform runs as managed SaaS, in your private cloud, or fully on-premises, so security and residency requirements shape the deployment, not the feature set.

SaaSfully managedfastest to valuewe run it Private cloudyour tenancydata residencyyour cloud On-premisesfull controlyour infrastructureyour servers

Gravitas deploys where your data needs to live, fully managed SaaS, your private cloud, or entirely on-premises.

FAQ

Security questions

Where is our data stored?

Depending on deployment, in a managed environment, your own private cloud tenancy, or on-premises. Private-cloud and on-premises options give you direct control over data residency.

How is access controlled?

Through token-based authentication and role-based authorization scoped to least privilege. The same model governs both the UI and the API.

Is there an audit trail?

Yes. Every material change passes through a governed control plane that versions and records it, producing a complete, queryable audit trail that is reproducible as-of any date.

Can Gravitas meet our regulatory requirements?

The governed data model and audit trail are designed to support regulatory reporting (such as EMIR and Dodd-Frank). A demo is the best way to map specifics to your obligations.

Review our security posture with us

Request a demo

We’ll walk your security and compliance teams through the architecture, deployment options, and controls.