Bank-Level Security
Your keys, your funds. We never have access.
Our Security Promise
We use a "Blind Administration" architecture where even platform administrators cannot access your API keys. Your credentials are encrypted with AWS KMS, and only automated Lambda functions can decrypt them for trade execution.
Zero-Custody Architecture
We never hold your funds. All trades execute directly through your exchange account using your API keys.
• Your crypto stays in your exchange account
• We can't withdraw or transfer your funds
• You maintain full control at all times
Blind Administration
Even our system administrators cannot decrypt your API keys. Access is explicitly denied via AWS IAM policies.
• Keys encrypted with AWS KMS
• Admins denied decryption permissions
• Only Lambda functions can use keys
Military-Grade Encryption
Your API keys are encrypted using AWS Key Management Service (KMS) with AES-256 encryption.
• AES-256 encryption standard
• Customer Managed Keys (CMK)
• FIPS 140-2 validated hardware
Complete Audit Trail
Every single trade execution is logged and visible in your execution history with full details.
• Exact time of each trade
• Amount purchased and price
• Order IDs for verification
What We Never Do
We only need view + trade access
All keys encrypted with AWS KMS
We only execute your configured trades
Your information stays private
🏗️ Technical Architecture
API keys encrypted with AWS KMS (Customer Managed Key) and stored in AWS Secrets Manager
IAM policies explicitly deny administrators kms:Decrypt permissions
Only authorized Lambda functions can decrypt keys for trade execution
All trades logged to DynamoDB ExecutionHistory table with CloudWatch monitoring
Region: us-east-2 (Ohio)
Encryption: AES-256-GCM