markitel
Last updated · July 3, 2026
This page summarizes Markitel's security practices for users, reviewers, and partners. It is a transparency statement, not a certification, audit report, insurance policy, service-availability promise, or promise that the platform is free from all risk. Security controls evolve as the product, providers, integrations, and partner requirements change.
Markitel uses managed cloud infrastructure, database services, authentication controls, server-side environment variables, and least-privilege access patterns to reduce operational risk. Administrative surfaces are separated from public routes, sensitive operations use server-side checks, and production credentials are handled through provider secret stores rather than client-side code.
Traffic to Markitel is served over HTTPS. Sensitive provider credentials and broker or venue tokens are designed to stay server-side; where Markitel stores OAuth or connection secrets, they are encrypted before storage and are never meant to appear in user interfaces, screenshots, logs, public docs, or browser-shipped code. Users should still verify account and execution records directly with their broker or venue.
Broker and venue connections use scoped authorization flows where available, such as Spotware OAuth for cTrader. Markitel does not ask for a cTrader password. Disconnect and revocation controls are provided where supported, and venue-specific safety controls such as health checks, circuit breakers, and kill-switch surfaces are part of the operational design.
The platform uses source guards, route-level checks, response hardening, secret-leak checks, consent-gated analytics, and readiness scripts to reduce accidental exposure and overclaim risk. Provider readiness, payment readiness, email readiness, cTrader readiness, and production deployment proof are tracked separately so that a configured key is not confused with a proven live provider path.
Partner API keys, webhooks, embeds, referral links, and co-branded pages are scoped to the approved partner purpose. Partners are responsible for protecting their credentials, limiting access to authorized personnel, and reporting suspected compromise promptly. Markitel may rotate, revoke, suspend, or narrow access when needed to protect users or platform integrity.
If you believe you have found a security issue, email security@markitel.com with the subject line "Security report" and include enough detail for us to reproduce and assess the issue. Do not access, modify, delete, or disclose other users' data, and do not perform testing that degrades service, attempts fraud, or violates the law.
No internet-connected system can be perfectly secure or continuously available. Markitel's safeguards are designed to reduce risk, not eliminate all risk. Users and partners remain responsible for protecting their own devices, accounts, email access, broker credentials, API keys, and connected third-party accounts.