Mirador by Amapola — Architecture & Data Security Brief
Mirador by Amapola is a managed macro regime intelligence service that combines rules-based cross-asset classification with AI-reviewed synthesis.
Important Disclosures
Not investment advice. Mirador is an informational service. Nothing in the service output constitutes a recommendation to buy, sell, or hold any security. Amapola Farms LLC is not a registered investment adviser, broker-dealer, or financial planner under the Investment Advisers Act of 1940, the Securities Exchange Act of 1934, or the Washington Securities Act (RCW 21.20). Regime classifications, AI-generated analysis, and all other service outputs are provided for general informational and educational purposes only. Subscribers should consult a qualified financial professional before making investment decisions. Past regime classifications are not indicative of future market conditions.
No guarantee of accuracy. The service is provided “as is” and “as available” without warranties of any kind, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, accuracy, or non-infringement. Amapola does not warrant that the service will be uninterrupted, error-free, or that regime classifications or AI analysis will be accurate or complete. Market data is sourced from third-party providers and may be delayed, incomplete, or incorrect.
Limitation of liability. To the maximum extent permitted by applicable law, Amapola Farms LLC shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or investment returns, arising out of or related to the use of or inability to use the service. Total aggregate liability shall not exceed the fees paid by the subscriber in the twelve (12) months preceding the claim.
Executive Summary
- Mirador provides cross-asset regime intelligence, daily briefings, weekly summaries, and an auditable regime call log for general market awareness and informational purposes.
- The service is delivered as a managed platform with browser-based review, not customer-installed software.
- The service does not require or collect customer portfolio holdings, broker credentials, or financial account data.
- The live app is protected behind HTTPS with TLS certificates; protected routes fail closed without authentication.
- This brief describes the current service posture only. It is not a certification package or future-state roadmap.
What Mirador Does
Mirador by Amapola is a customer-facing intelligence service for macro market regime monitoring. Subscribers receive regime intelligence, daily and weekly briefings, and an auditable regime call log — delivered through a managed browser interface operated by Amapola. The service ingests cross-asset market signals, classifies regime state with a rules-based engine, and produces AI-reviewed synthesis for human-readable outputs. It is not execution software, not a trading platform, and not a source of personalized investment advice.
Regulatory Status
Amapola Farms LLC is not a registered investment adviser, broker-dealer, or financial institution. The service is a general-circulation informational publication that delivers the same regime classifications and analysis to all subscribers without personalization or tailoring to individual portfolios.
What Data Mirador Uses
| Category | Examples | Why Used | Sensitivity | Notes |
|---|---|---|---|---|
| Market / Public Data | Equities, volatility, rates, credit, FX, commodities, crypto | Raw inputs for regime classification and market context | Low | Relies on third-party providers; some sources can be delayed, fallback-backed, or temporarily degraded. |
| Derived Signals / Composites | Regime stage, feature scores, composite stress signals, regime transition log | Turns market data into an auditable regime framework | Medium | Derived by Mirador from market data; used for call logs, snapshots, and summaries. |
| System Operational Data | Service logs, health status, request IDs, backup metadata | Supports uptime, diagnostics, alerting, and operations | Medium | Operational telemetry only, not client portfolio data. |
| Subscriber Account Data | Email address, authentication credentials, billing information (via Stripe) | Service delivery, authentication, and billing | Medium | Collected solely for service operation. Not shared with third parties except payment processing (Stripe). Server logs may record IP addresses and request metadata for security purposes. |
| Customer Financial Data | Portfolio holdings, broker credentials, financial account data | Not collected, not stored, not processed | N/A | Mirador does not collect, store, or process subscriber portfolio holdings, broker credentials, or financial account data. The service operates entirely on public market data. |
What Data Mirador Does Not Require
- Customer portfolio holdings: Not collected
- Broker credentials: Not collected
- Financial account data: Not collected
- Customer-side software installation: Not required
- Write access into customer systems: Not required
- Network integration into customer environment: Not required
How Mirador Is Hosted and Accessed
Mirador is hosted on AWS and operated by Amapola. The application runs as a blue-green Docker container stack on EC2. PostgreSQL runs on AWS RDS (encrypted at rest, not co-located with the application). Public traffic terminates at Caddy, which handles TLS and proxies to the active application container. The application container is not directly exposed to the internet. This is a managed-service posture, not a customer-run deployment.
Current surfaces: Amapola-hosted dashboard view, regime call log / snapshot exports, and managed briefing/report delivery.
Authentication and Access Control
Protected routes require explicit authentication. Browser login uses a server-validated HTTP-only session cookie with Secure flag enforced. Scripted/API access uses an explicit bootstrap credential in the X-API-Key header. Deep health, dashboard/API routes, and WebSocket live updates are protected. This is not SSO, enterprise IAM, per-user RBAC, or a multi-tenant design.
Data Retention, Backup, and Operations
Mirador stores live data in AWS RDS PostgreSQL (encrypted at rest). Daily automated PostgreSQL backups run via systemd timers on the production host. A restore drill from a real backup into a disposable non-production database has been completed successfully. Primary application logs are retained on persistent storage, and a watchdog monitors readiness plus poll-loop freshness. Verified operator alerting currently uses ntfy.
Current Limitations
- Mirador is an early-stage product, not an enterprise platform.
- Current access control is narrow and controlled, but it is not a full multi-user auth or RBAC system.
- Market-data quality depends on third-party providers; some sources are fallback-backed or can degrade temporarily.
- Outputs are general informational intelligence, not automated trading, order routing, or portfolio accounting.
- Regime classifications are systematic but not guaranteed to be accurate, timely, or complete.
Next Step
Request pilot info, a demo, or the pilot one-pager at info@amapola.io.
Amapola Farms LLC · Washington State · EIN 41-5056468 · Governing law: State of Washington