Data Security

How 1MLX protects your listings, deal data, and member information.

1MLX is a closed cooperative. Your listing data, deal activity, and member information stay inside the exchange. We don't sell data, we don't share it with third parties for marketing, and we don't use it to compete with you. This page explains the specific measures in place — and the limits of what we can guarantee.

Platform Infrastructure

Where your data lives and how it's protected at the infrastructure level.

Hosting: Cloudflare-managed infrastructure with DDoS protection, edge caching, and global CDN. All traffic served over HTTPS.

Encryption: TLS 1.3 for data in transit. AES-256 encryption for data at rest. Database connections encrypted end-to-end.

Access Control: Role-based permissions. Firm administrators control who within their brokerage can view, edit, or submit listings.

Authentication: Verified enrollment process. Email-based account recovery. Session tokens with automatic expiration.

Listing Data Protection

Your listings are the core asset. Here's how we treat them.

Visibility: Listings are visible only to verified 1MLX members. No public scraping, no search engine indexing of listing details.

Ownership: Your firm's listings remain your firm's data. 1MLX does not claim ownership of listing content submitted to the exchange.

Bulk Export: Only authorized firm administrators can export their own firm's listing data. Cross-firm bulk downloads are not permitted.

Deletion: Firms can remove their listings at any time. Deleted listings are purged from active systems within 30 days.

Space Cadet — AI Assistant

Space Cadet is 1MLX's AI market intelligence companion. In the current demo, Space Cadet runs on ElevenLabs infrastructure — a professional voice AI platform. Your questions, the responses, and the voice interactions pass through ElevenLabs servers during this demo phase.

What Space Cadet can access in the demo: Listing data, market statistics, and research included in its training corpus. It does not have access to any firm's internal deal pipeline, financial records, or communications.

What Space Cadet does not store: Conversations are processed in-session. Space Cadet does not build a persistent profile of your queries or share your questions with other members.

Demo data is not isolated: Because Space Cadet is hosted externally on ElevenLabs during the demo, the sample listing and market data it references is served from a shared demonstration cache rather than from an isolated member environment. This is a deliberate demo-phase choice, not a permanent architecture. No proprietary firm data is in the demo cache — only the curated sample dataset built for demonstration purposes.

Production architecture: In production, Space Cadet will run on dedicated 1MLX infrastructure hosted on AWS, and the data it serves will move to an internal-only data cache behind 1MLX's own authentication and access controls — no external hosting, no shared cache. Voice processing, query handling, and response generation will all operate within 1MLX's own environment, with no routing through external AI providers. The production build will meet the security standards described on this page. The demo reflects capability, not the final security architecture.

Voice Processing

Space Cadet can read responses aloud using ElevenLabs voice synthesis during the demo phase.

Demo phase: Voice synthesis is handled by ElevenLabs. Audio is processed on ElevenLabs servers. This is disclosed here so founding members understand what the demo reflects versus what production will deliver.

Production design: Voice generation will run on dedicated 1MLX infrastructure. Your questions, the data behind the answers, and the spoken responses will be processed internally — nothing routed to an external service. The text-to-speech pipeline will operate within the same secure AWS environment as Space Cadet itself.

Voice is optional: Members can choose to read Space Cadet's responses as text or hear them spoken. Voice interaction is always a member's preference, never a requirement.

What We Don't Do

Some things are off the table. Period.

We don't sell your data. Not to data aggregators, not to tech companies, not to anyone. The exchange exists to serve its members, not to monetize their information.

We don't use listing data to train AI models. Your listings are not training material. Space Cadet is trained on market knowledge and research — not on the proprietary details of your deals.

We don't share one firm's activity with another. Your search patterns, listing views, and Space Cadet queries are not visible to other member firms.

We don't allow public access. There is no "free tier" or public search. Every user is a verified broker at an enrolled firm.

What's Still Being Finalized

We'd rather tell you what we're still working on than pretend everything is settled.

SOC 2 certification for 1MLX itself. We're building toward this but don't have it yet. Our infrastructure providers hold their own certifications. We'll pursue ours as the platform matures.

Formal penetration testing. Scheduled for pre-launch. Results will be shared with founding members.

Data Processing Agreement for members. A DPA specific to 1MLX will be available before production launch, covering how we handle your data, retention periods, and your rights.

Incident response plan. Being drafted. Will include notification timelines, member communication protocols, and remediation procedures.

A note to founding members: You're helping us build this. If there's a security concern we haven't addressed, or a measure you'd expect to see here, tell us. This page will evolve as the platform does — and your input shapes what goes on it.