Connection Security

What Sigma Engine Can Do

Place limit orders on your account based on settings you provide
Cancel orders on your account
Read positions and balances

What Sigma Engine Cannot Do

Withdraw funds from your account
Transfer funds to other addresses
Access other users' accounts
Modify account settings or permissions

Revoking Access

You can revoke access at any time:

Linked Signer: Go to the exchange's settings → Linked Signers → Revoke
API Keys: Go to the exchange's API Management → Delete the API key

After revoking

The bot can no longer place orders on your behalf. Your funds remain safe. You'll need to reconnect if you want to resume trading.

Credential Encryption

All credentials (signer keys, API keys, API secrets) are encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256). Encryption keys are stored in environment variables, never in code or logs.

What Sigma Engine Can Do​

What Sigma Engine Cannot Do​

Revoking Access​

Credential Encryption​

What Sigma Engine Can Do

What Sigma Engine Cannot Do

Revoking Access

Credential Encryption