Launch App

Security Policies

Security at 6MM is built into every layer of the system.

As an embedded perpetual trading infrastructure, 6MM applies strict security policies to protect platform stability, partner integrations, and trading operations.

These policies define how security risks are identified, mitigated, and managed across the 6MM ecosystem.

Security Design Principles

6MM follows several core security principles:

  • Defense in Depth

    Multiple layers of protection across infrastructure, application, and trading logic

  • Least Privilege

    Access rights are granted only when necessary and strictly limited in scope

  • Separation of Duties

    Critical systems, environments, and permissions are isolated

  • Fail-Safe Defaults

    Systems default to secure states under abnormal conditions

Infrastructure Security

6MM enforces security controls at the infrastructure level, including:

  • Network segmentation and access isolation

  • Encrypted communication between services

  • Continuous system monitoring and alerting

  • Redundancy and failover mechanisms

Infrastructure access is restricted and audited.

Application & Trading Engine Security

Security measures applied to the trading layer include:

  • Deterministic order matching logic

  • Real-time validation of orders and margin requirements

  • Strict input validation for APIs and SDKs

  • Rate limiting and abuse prevention

These measures ensure consistent behavior even during extreme market conditions.

Access Control & Authentication

  • Role-based access control (RBAC) is enforced internally

  • API credentials are permission-scoped

  • Session and credential lifecycles are managed securely

End-user identity and authentication remain under partner control.

Data Protection

6MM applies data protection standards such as:

  • Encryption of sensitive data at rest and in transit

  • Minimal data retention policies

  • Controlled access to operational logs

6MM does not store or manage end-user personal information.

Continuous Security Review

Security policies are maintained through:

  • Regular internal security assessments

  • Code reviews and automated testing

  • External audits and third-party reviews (when applicable)

Policies evolve alongside system architecture and threat models.

Partner Responsibilities

While 6MM secures its infrastructure and trading systems:

  • Partners are responsible for user-facing security

  • Asset custody and user account protection remain with partners

  • Secure integration practices are required

Clear responsibility boundaries help reduce systemic risk.

PreviousBug Bounty ProgramNextIncident Response

Last updated