Security First

Your API keys are your crown jewels. Here's exactly how we protect them.

🛡️ Your Funds Stay on YOUR Exchange

We never hold, transfer, or have access to your money. TradeAgent 24/7 only sends trading orders on your behalf using your API keys - with no withdrawal capability.

NO Withdrawal Permission Required

When you create API keys on your exchange, DO NOT enable withdrawal permissions. TradeAgent 24/7 only needs:

✓ Read Balances✓ Spot Trading✗ Withdraw

How We Encrypt Your API Keys

AES-256-GCM Encryption

Your API keys are encrypted using AES-256-GCM, the same standard used by banks and governments. Each key has a unique initialization vector (IV).

Key Separation

The encryption key is stored separately from the encrypted data - in environment variables that never touch the database.

HTTPS Everywhere

All data in transit is encrypted with TLS 1.3. API keys are never sent over unencrypted connections.

Webhook Verification

All incoming webhooks (Stripe, AsterPay) are verified using cryptographic signatures to prevent spoofing attacks.

What If Something Goes Wrong?

Q: What if TradeAgent 24/7 is hacked?

Your funds are safe. Even if attackers obtain your encrypted API keys, they cannot use them because:

  • Keys are encrypted - useless without the encryption key
  • Encryption key is in environment variables, not the database
  • Your API keys have no withdrawal permission (if you followed our recommendation)

Q: What if I lose access to my account?

Revoke your API keys on the exchange. You can always:

  • Log into Binance/Coinbase/etc. and delete the API key
  • This immediately stops all trading from TradeAgent 24/7
  • Contact us at support@tradeagent247.com to recover your account

Q: What if TradeAgent 24/7 shuts down?

Your money stays on your exchange. Simply:

  • Delete the API keys you created for TradeAgent 24/7
  • Your balances, positions, and funds are unaffected
  • Continue trading manually or with another service

Security Best Practices

When Creating API Keys, Always:

1️⃣

Create a NEW key just for TradeAgent 24/7

Don't reuse keys from other services

2️⃣

Enable Read + Spot Trade only

NEVER enable withdrawal

3️⃣

Set IP restrictions if available

We'll provide our server IP

4️⃣

Regularly review connected apps

Delete unused API keys

Questions About Security?

Our team is happy to explain our security measures in detail.

Contact Security Team