# Security Policies

Security at 6MM is built into every layer of the system.

As an embedded perpetual trading infrastructure, 6MM applies strict security policies to protect platform stability, partner integrations, and trading operations.

These policies define how security risks are identified, mitigated, and managed across the 6MM ecosystem.

***

<h2 id="security-design-principles">
  Security Design Principles
</h2>

6MM follows several core security principles:

* Defense in Depth

  Multiple layers of protection across infrastructure, application, and trading logic
* Least Privilege

  Access rights are granted only when necessary and strictly limited in scope
* Separation of Duties

  Critical systems, environments, and permissions are isolated
* Fail-Safe Defaults

  Systems default to secure states under abnormal conditions

***

<h2 id="infrastructure-security">
  Infrastructure Security
</h2>

6MM enforces security controls at the infrastructure level, including:

* Network segmentation and access isolation
* Encrypted communication between services
* Continuous system monitoring and alerting
* Redundancy and failover mechanisms

Infrastructure access is restricted and audited.

***

<h2 id="application-and-trading-engine-security">
  Application & Trading Engine Security
</h2>

Security measures applied to the trading layer include:

* Deterministic order matching logic
* Real-time validation of orders and margin requirements
* Strict input validation for APIs and SDKs
* Rate limiting and abuse prevention

These measures ensure consistent behavior even during extreme market conditions.

***

<h2 id="access-control-and-authentication">
  Access Control & Authentication
</h2>

* Role-based access control (RBAC) is enforced internally
* API credentials are permission-scoped
* Session and credential lifecycles are managed securely

End-user identity and authentication remain under partner control.

***

<h2 id="data-protection">
  Data Protection
</h2>

6MM applies data protection standards such as:

* Encryption of sensitive data at rest and in transit
* Minimal data retention policies
* Controlled access to operational logs

6MM does not store or manage end-user personal information.

***

<h2 id="continuous-security-review">
  Continuous Security Review
</h2>

Security policies are maintained through:

* Regular internal security assessments
* Code reviews and automated testing
* External audits and third-party reviews (when applicable)

Policies evolve alongside system architecture and threat models.

***

<h2 id="partner-responsibilities">
  Partner Responsibilities
</h2>

While 6MM secures its infrastructure and trading systems:

* Partners are responsible for user-facing security
* Asset custody and user account protection remain with partners
* Secure integration practices are required

Clear responsibility boundaries help reduce systemic risk.