Specifications, integration matrix, deployment topology, security posture, and operational SLAs for the Bruno brokerage technology stack. Intended for technology decision-makers, integration architects, compliance officers, and procurement teams evaluating Bruno for production deployment.
Bruno is a three-product brokerage technology stack sharing a single relational data backbone. Components are deployable independently or as a unified suite.
| Product class | Client-facing trading & investment platform (white-label) |
| Native platforms | iOS 14+Android 8+WebWindows 10+macOS 11+ (Intel & Apple Silicon) |
| Asset classes | Equities · FX · CFDs · Crypto · Commodities · Indices · ETFs · Structured products |
| Order types | Market · Limit · Stop · Stop-Limit · Trailing Stop · OCO · Bracket · Fractional · Notional |
| Charting engine | TradingView Advanced Charts (embedded). 100+ indicators. Multi-timeframe. Custom drawing tools. |
| Authentication | Email/password · Phone OTP · Social OAuth (Google · Apple · Facebook · LinkedIn) · Biometric (FaceID / TouchID / Android Biometric) |
| KYC / AML | Embedded providers: Sumsub · Jumio · Trulioo · Custom provider via OpenAPI plugin |
| Payment rails | WorldPay · Stripe · CheezePay · DokuPay · FastPay · MiPay · UPI · SEPA · ACH · Wire · Crypto (BTC, ETH, USDT, USDC) |
| Localization | 12+ languages out of the box · RTL support (Arabic, Hebrew) · Custom locale packs |
| White-label | Custom domain · Theme tokens (color, typography, density) · Module-level feature flags · Custom email & SMS templates |
| Mobile sign-up time | < 60 seconds end-to-end including KYC fast path |
| API surface | REST · WebSocket for streaming quotes & portfolio · Webhook outbound events |
| Product class | Institutional order management & execution platform |
| Throughput | 5,000+ orders / sec sustained · 10,000+ orders / sec burst (single instance) |
| Order-to-ack latency | P50 < 15 ms · P95 < 35 ms · P99 < 80 ms (intra-DC) |
| FIX protocol | FIX 4.4 / 5.0 native · Multiple session support · Drop-copy sessions · Session-level encryption (TLS 1.2+) |
| Liquidity connectors (bundled) | Centroid · FXCubic · OneZero · PrimeXM · Saxo · Interactive Brokers · MetaQuotes (MT5 bridge) · Bloomberg · Refinitiv |
| Execution models | A-book (STP) · B-book (internal warehousing) · Hybrid (rule-based routing) · Smart routing across multiple LPs |
| Dealer desk | Real-time book view · Manual intervention · Position offsetting · Risk dashboards · Slippage analysis · TCA reports |
| Corporate actions | Dividends · Stock splits · Mergers · Spin-offs · Symbol changes · Automated client-position adjustment |
| Group & symbol management | Unlimited groups · Per-group leverage, commission, spread, swap overrides · Per-symbol overrides at any level |
| Multi-jurisdiction support | One instance, multiple regimes: ESMA · FCA · ASIC · DFSA · CySEC · MAS · SCA · CMA |
| Deployment options | Managed SaaS · On-premise · Hybrid · Source-code licensing available |
| High availability | Active-passive failover · Cross-AZ replication · < 30 s RTO · < 5 s RPO |
Bruno Admin is included at no incremental cost with any Bruno Core subscription. 90+ modules organized into 10 functional families.
| Module family | Capabilities |
|---|---|
| Client Lifecycle | KYC/AML pipelines · PEP & sanctions screening · Document vault · Risk classification · Lead scoring · Conversion funnels |
| Financial Operations | Deposits · Withdrawals · Credit-in/out · Manual adjustments · Wallet management · Multi-currency · Reconciliation · Fund transfers |
| Risk & Compliance | Exposure monitoring · Margin call alerts · Toxic-flow detection · Per-jurisdiction rule engine · Audit logs (immutable) |
| IB & Partner Network | Unlimited IB tiers · CPL/CPA/Revenue-share/Hybrid plans · Auto-payout · Sub-IB hierarchies · Marketing materials API |
| Copy & Social Trading | Master-follower accounts · Strategy leaderboards · Performance fees · Subscription management |
| Reporting & BI | 20+ pre-built reports · Cohort analysis · Client LTV · Dormant-client re-engagement · Custom SQL access (read-replica) |
| Marketing & Promotions | Deposit bonuses · No-deposit bonuses · Cashback · Loyalty tiers · Wagering requirements · Campaign attribution |
| Support Center | Ticketing · Live chat · SLA timers · Knowledge base · Voice-call integration · CSAT scoring |
| OMS Administration | Feed configuration · Routing rules · Symbol mappings · Session monitoring · Drop-copy feeds |
| System & Security | RBAC (granular permission matrix) · Team management · API key management · SSO (SAML 2.0 / OIDC) · IP allowlisting · Full audit trails |
| AI KYC Agent | Sub-5-second document verification · Self-improving model · Fallback to human review queue |
| Support Chat AI | 24/7 tier-1 deflection · Quality-scored handoff · Conversation analytics · 12+ languages |
| Risk Management AI | Real-time fraud detection · Suspicious-activity monitoring · Toxic-flow alerts · Cross-account pattern recognition |
| Voice AI Agents | Inbound & outbound call handling · Multilingual · Whisper AI transcription · CRM-attached call notes |
46+ pre-built connectors bundled with every Bruno deployment. No per-connector licensing or runtime fees. Full vendor list available on request; custom connectors via the Integration Expert program.
FIX-compliant order routing to top-tier prime brokers, ECNs, and aggregators. Multi-asset including FX, equities, futures, and crypto venues.
Real-time and historical pricing feeds. Tick-level data, technical indicators, fundamentals, and reference data for all supported asset classes.
Global, regional, and crypto payment rails. Deposits, withdrawals, payouts, and multi-currency reconciliation — all PCI-handled by integrated providers.
Automated identity verification, document checks, liveness, PEP / sanctions screening, and AML transaction monitoring across 190+ jurisdictions.
Transactional and notification channels. Email, SMS, push, voice, and chat — with templating, deliverability tracking, and per-region routing.
Foundation models, transcription, and the cloud stack underpinning every Bruno deployment — multi-region, multi-cloud, with managed observability.
| REST API | OpenAPI 3.1 schema · Versioned (v1 stable) · OAuth 2.0 + API key auth · Token-bucket rate limiting |
| WebSocket streaming | wss:// · Quote feed · Trade feed · Position updates · Heartbeat 30 s · Automatic reconnect |
| Webhooks (outbound) | Signed payloads (HMAC-SHA256) · Configurable retry & backoff · Event filtering |
| FIX connectivity | Initiator and acceptor sessions · Stunnel TLS · Drop-copy feeds for compliance archival |
| Rate limits (default) | 1,000 req/min per API key · WebSocket: 200 subscriptions/connection · Configurable per enterprise tier |
| Model | Description |
|---|---|
| Managed SaaS | Tradesocio-hosted on AWS / Azure. Single-tenant. Regional data residency available (EU, ME, APAC). Default 30-day deployment timeline. |
| On-premise | Client-hosted on customer infrastructure (Kubernetes). Bring-your-own compute, storage, networking. Tradesocio retains operational support contract. |
| Hybrid | Bruno Core hosted by Tradesocio · Bruno OMS on customer premise · Bruno Admin managed. Useful for jurisdictional data-locality constraints. |
| Source-code licensing | Full source-code escrow available for enterprise deployments. Suitable for clients requiring control of all binaries. |
| MT5 coexistence modes | MT5 + Bruno OMS hybrid routing · Bruno OMS replacing MT5 entirely · Bruno OMS complementing existing MT5 (dealer desk, corporate actions, OHLC layer) |
| Encryption in transit | TLS 1.2+ (TLS 1.3 preferred) · Perfect Forward Secrecy · HSTS · Certificate pinning on mobile apps |
| Encryption at rest | AES-256-GCM · KMS-managed keys · Per-tenant data key separation |
| Authentication | Multi-factor (TOTP, SMS, biometric) · SSO via SAML 2.0 / OIDC · IP allowlisting · Session timeouts & concurrent-session limits |
| Authorization | Role-based access control · Granular permission matrix · API key scoping · Just-in-time elevation for sensitive operations |
| Audit logging | Immutable append-only audit trail · 7-year default retention · Real-time SIEM export · Tamper-evident hash chaining |
| Vulnerability management | Quarterly external pentest · Continuous dependency scanning · Bug bounty program · CVE patching SLA: critical < 24 h, high < 7 d |
| Regulatory frameworks | ESMA · FCA · ASIC · DFSA · CySEC · MAS · SCA · CMA · GDPR-aligned data handling |
| Certifications & attestations | SOC 2 Type II (in progress) · ISO 27001 (roadmap) · PCI DSS coverage via payment partners |
| Data residency | EU (Frankfurt, Ireland) · ME (UAE, Bahrain) · APAC (Singapore, Sydney) · Per-client selection at deployment |
| Metric | Target |
|---|---|
| Platform availability | 99.9% monthly (excludes scheduled maintenance with ≥ 7-day notice) |
| Order placement latency | P95 < 35 ms intra-DC · P99 < 80 ms intra-DC |
| Market data freshness | < 100 ms tick-to-screen from primary exchange feed |
| Disaster recovery RTO | < 30 seconds (active-passive failover) |
| Disaster recovery RPO | < 5 seconds (synchronous replication) |
| Support response (P1) | < 15 minutes acknowledgment · 24×7 on-call |
| Support response (P2) | < 2 hours · Business hours |
| Backup cadence | Continuous WAL streaming · 24×7 snapshots · 30-day default retention |
| Service credits | Pro-rated credits below SLA threshold per monthly billing cycle |
| Week 1 | Discovery · Technical scoping · Architecture review · Security questionnaire |
| Weeks 2–3 | White-label configuration · Theme & branding · Module feature toggles · LP integration setup |
| Weeks 3–4 | Environment provisioning (staging + production) · Connectivity testing · KYC pipeline configuration |
| Week 4 | User acceptance testing · Penetration test (optional) · Go-live readiness review |
| Day 30 | Production launch · First trade-ready · Post-go-live hypercare (14 days) |
| + 4 months | TradingView vendor certification (if requested) · Broker-directory listing activation |