Quantor — a solo-founder product

Why Quantor exists at all

In 2022 3Commas — the most popular crypto-bot SaaS at the time — lost control of API keys for a huge number of its users. The leak went through their infrastructure. Money was withdrawn. The compensation from 3Commas covered only part of it.

That event made it obvious: the existing crypto-bot SaaS category is built around trust, not around verifiability. "Trust us, we're careful" was all they could offer. They had no cryptographic artifact that anyone could verify themselves. Either you believe them — or you have nothing else to go on.

"Quantor is an attempt to build the same class of product, but in a way where the user doesn't have to trust us. So they can verify."

What we do differently

Concretely: every build signed with an offline key, a tamper-evident audit chain, 14 risk gates before LIVE, a regime-aware block on dangerous markets, and exchange-side withdrawal blocked when users create correctly scoped keys. Details on /security and /why.

This doesn't mean Quantor is "safer" in some absolute sense — no one can guarantee absolute safety. It means that every claim we make is independently verifiable, and the risks we can close by construction, we close — rather than papering over with an NDA-style assurance.

What it's built on

One region (GCP me-west1, Tel Aviv). One execution stack (Spring Boot api + Java worker + Express site). One exchange at launch — more added based on user demand. One master encryption key in Secret Manager. One offline signing key held by me. Deliberately narrow — so there's something to sign and someone to be accountable for.

Stack: Java 21 + Spring Boot 3.3 · Cloud Run · Cloud SQL Postgres + Flyway · Ed25519 signing · Cloud Armor edge protection · LemonSqueezy (card) · Sentry · Telegram Bot API.

What we do NOT promise

Yield. Anywhere. Ever. There's no ROI calculator on the site — because past results don't predict future returns, and algorithmic trading is a tool, not a money machine.

What we do promise is operational discipline: predictable behaviour, verifiable signatures, open risk gates, transparent infrastructure. The result you produce yourself using those tools.

What's on the roadmap

Details are in the commits. Briefly: Pine Script v2 import, multi-seat admin for the Teams plan, the /identity command in Telegram, a native mobile app, multi-exchange (Bybit / OKX), and full per-language site mirroring with hreflang. 2FA (TOTP) already ships — enable it in Dashboard → Two-factor authentication.

Legal operator

Pseudonymous on the public site doesn't mean off-the-books. Quantor is operated by its founder in Israel, with business registration in progress:

• Operator: the founder, operating as an individual in Israel — Esek Patur (sole-proprietorship) registration in progress
• Registration status: in progress; it will be completed before any paid checkout opens. No business bank account or payment processing is active yet — the product is free during open beta. The founder is deliberately pseudonymous on this page; that identity is verifiable cryptographically via the signed build.
• Jurisdiction: Israel
• General contact: support@quantorsaas.app
• Bug reports & security: bugs@quantorsaas.app

The current mailboxes are Gmail-hosted while the operator entity registration is in progress. A domain-mapped support mailbox will replace them shortly after launch. The pseudonymity of the public face does not affect the legal accountability of the operator under Israeli law.

If you have thoughts, criticism, or a product suggestion, email bugs@quantorsaas.app. The solo founder reads everything personally.