> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anthid.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> How Anthid protects broker-connected trading infrastructure, credentials, and customer environments

Anthid is built for broker-connected systems where credentials, trading workflows, and account events need strong protection by default.

The platform combines end-to-end encryption, secure credential storage, isolated customer environments, and operational controls so teams can connect broker accounts without taking on the full security burden of building that infrastructure themselves.

## Security model

<Card title="End-to-end encryption" icon="shield-check">
  Anthid uses end-to-end encryption for sensitive platform communication so broker-connected workflows stay protected as requests, responses, and account events move through the system.
</Card>

<Card title="Encrypted credential storage" icon="key">
  Broker credentials are encrypted with AES-GCM before storage. Credentials are treated as sensitive secrets, stored in encrypted form, and designed to support rotation at any time when access policies, broker requirements, or internal security procedures change.
</Card>

<Card title="Sharded customer environments" icon="boxes">
  Customer environments are sharded to provide isolation between organizations. This keeps customer workloads separated at the platform layer and limits the operational blast radius of account-specific activity.
</Card>

## Credential protection

Anthid stores broker credentials using AES-GCM encryption and keeps credential handling separated from normal trading workflows. Your application does not need to persist broker secrets locally once the broker account is connected through Anthid.

Credentials can be rotated whenever needed. This gives your team a practical path to respond to policy changes, broker-side credential updates, employee access changes, or scheduled secret rotation without redesigning the integration.

## Environment isolation

Anthid uses sharded customer environments to isolate organizations from each other. Each customer environment is separated so trading activity, account state, controls, streaming events, and ledger records are scoped to the correct organization.

This isolation model helps protect customer data and reduces cross-customer operational risk while still giving each organization access to managed broker connectivity, controls, metrics, and real-time streaming.

## Platform controls

Security works alongside Anthid's trading controls. Organization, account, and symbol-level guardrails help limit where and when trading can occur, while circuit breakers can stop activity when your team needs to pause trading quickly.

These controls give teams a security-aware operating model: credentials are protected, customer environments are isolated, and trading access can be constrained through platform-level policy.

## Operational posture

Anthid is designed to reduce the amount of sensitive broker infrastructure your team has to build and operate directly.

* Sensitive communication is protected with end-to-end encryption.
* Broker credentials are stored with AES-GCM encryption.
* Credentials can be rotated at any time.
* Customer environments are sharded for isolation.
* Trading workflows can be constrained with organization, account, and symbol-level controls.
* Broker connectivity, streaming, ledger storage, and metrics run through a managed platform layer.
