This project is experimental and research-oriented.

Only the latest version on the main branch is considered for security review.

Older releases and forks are not supported.

If you discover a security issue, please do not open a public issue.

Instead, report it privately using one of the following methods:

• GitHub Security Advisories (preferred), or
• Email: theodor@byteventures.se

Include:

• A clear description of the issue.
• Steps to reproduce, if applicable.
• Potential impact (especially related to funds, credentials, or order execution).

You can expect an acknowledgment within 7 days.
Fix timelines depend on severity and project capacity.

This policy applies to:

• Credential handling.
• Order execution and risk controls.
• Exchange integrations.
• Web dashboard and API endpoints.
• Dependency-related vulnerabilities.

It does not cover:

• Financial losses due to market behavior.
• Strategy performance or profitability.
• User misconfiguration.

Please allow reasonable time for investigation and remediation before public disclosure.

This project is provided as-is for experimental use. Security best practices are applied where feasible, but no guarantees are made.