markitel
How Markitel protects partner integrations, broker connections, and browser sessions — scoped keys, fail-closed controls, encrypted credentials, and an audit trail on everything.
These are product controls, not sales claims. They are kept visible because broker and partner reviews should be able to ask direct questions and receive precise answers.
Client components are guarded from referencing server-only keys such as broker secrets, Stripe secrets, API provider keys, and the vault master key. Public code receives only non-sensitive configuration.
Global response headers enforce content-type sniffing protection, same-origin framing for normal pages, a restrictive content-security policy baseline, and explicit exceptions only for embeddable partner widgets.
Non-essential analytics and browser error telemetry load only after the visitor accepts cookies. The footer keeps a cookie settings control available so consent can be changed later.
Partner API keys use bearer authentication with explicit scopes. Stats and signal-feed access are separate grants, and internal signal fields are excluded from the published response shape.
Partner widgets use their own framing policy instead of loosening the whole site. Normal pages stay same-origin framed; only the embed route permits cross-origin framing.
Each external provider integration runs on its own scoped credentials with independent health checks — no shared master keys across services.
We do not claim SOC 2, ISO 27001, PCI certification, or regulatory approval unless and until those audits are completed and documented.
Encryption, access controls, monitoring, and least-privilege design reduce risk, but no internet service can promise absolute security.
Production secrets, database migrations, and trading-critical configuration change only through explicit, verified human actions — never automatically.
For formal vendor review, start with the documents below. Send security questionnaires and responsible-disclosure reports to security@markitel.com. We will answer from current evidence rather than reuse generic vendor language.
Personal-data handling, processors, retention, rights, and breach notice language.
Security practices →Responsible disclosure, security boundaries, and safe reporting instructions.
Transparency →What Markitel is, what it is not, and how to verify every claim.
Partner API docs →The server-to-server integration contract and keyed partner surfaces.
Status →Operational health and public service state.
Real-time feeds. One verdict. Zero guesswork.
Start on the Free $0 plan — then connect supported venues as your workflow moves from signal review to execution.