Trust
Security
Last updated: July 15, 2026
This page is maintained by Scenixa Labs and describes the current security practices we operate. It is not a certification and does not constitute a warranty. Security is a shared responsibility between Scenixa, the operators running the SDK, and end users.
Product architecture
- Open-source SDK. The
open-api-mt5package runs entirely on the operator's machine. Broker credentials and MT5 sessions stay local — Scenixa Labs has no access to them. - Website. Served over HTTPS with modern TLS. Traffic is proxied through a managed edge that handles common network-layer protections.
- Contact forms. Submissions are validated server-side and sent to a private support inbox. We do not expose the destination address in the page or client bundle.
Access & authentication
- Access to production systems is restricted to authorized maintainers.
- Administrative accounts require strong, unique credentials and multi-factor authentication where the provider supports it.
- Least-privilege service credentials are used for background jobs and integrations.
Data handling
- We minimize the data we collect — see the Privacy Policy.
- Data in transit is encrypted with TLS.
- Data stored with our infrastructure providers is encrypted at rest by those providers.
- Broker credentials used by the SDK never transit Scenixa infrastructure.
Software development
- Source is managed in version control with peer review before release.
- Dependencies are tracked and updated when security advisories are published.
- Releases of the open-source SDK are tagged and published to PyPI.
Vulnerability disclosure
If you believe you have found a security issue in Scenixa or the open-api-mt5 package, please report it privately via our contact form with the subject "Security". Please include:
- A description of the issue and its impact.
- Steps to reproduce, or a proof of concept.
- Affected version(s) and environment.
We ask that you give us a reasonable window to investigate and remediate before public disclosure. We do not currently operate a paid bug-bounty program, but we will credit researchers on request.
Compliance
Scenixa does not currently hold third-party security certifications. Enterprise customers with specific compliance requirements can request additional documentation during procurement — contact us.
Shared responsibility
Operators of the SDK are responsible for securing the machine that runs it, protecting broker credentials, and following their broker's terms. Enterprise customers are responsible for user access management inside their own tenant.