Trade automation should be transparent about its trust boundary.
LoopTrading is non-custodial software: assets remain at your exchange, while a narrowly scoped API credential lets the worker read balances and place trades. That credential can still trade, so we protect it as high-value material and disclose where protection depends on your exchange or hosting configuration.
Credentials are designed to survive a database disclosure
Exchange secrets use versioned AES-256-GCM envelopes with authenticated context binding. The encryption key lives outside the database, supports staged rotation, and secrets are never returned after submission.
Least privilege is enforced
LoopTrading needs view and spot-trade access, not withdrawals or transfers. Connections that report dangerous permissions are rejected. Where an exchange cannot report every permission, the limitation is disclosed during setup.
Live execution is observable and fail-safe
Workers publish heartbeats, price-feed coverage, capacity, and order activity. WebSocket feeds are paired with freshness checks and REST recovery; trade leases and idempotency reduce duplicate execution during failover.
Implemented safeguards
Optional authenticator-app two-factor authentication with one-time recovery codes
Password, session, same-origin, rate-limit, and new-device alert protections
Security activity history for sign-ins, MFA changes, and exchange-key lifecycle events
In-place API-key rotation that preserves bot history and refuses to race active bots
Credential scrubbing before error and session-replay telemetry leaves the application
Withdrawal/transfer permission rejection where the exchange exposes permission data
Per-trade safety checks, no-loss controls when enabled, reconciliation, and P&L verification tools
Encrypted HTTPS transport and browser security policies including CSP and anti-framing controls
Shared responsibility
Use a unique exchange key with only the permissions LoopTrading documents.
Enable MFA at both LoopTrading and the exchange; protect the email account behind them.
Use exchange IP allowlisting only when the Integrations page shows stable outbound addresses.
Rotate or revoke a key immediately after suspicious activity, and contact the exchange.
Review open orders and balances at the exchange; no automated system eliminates trading or platform risk.
What we do not claim
Security is a continuing process, not a guarantee. LoopTrading does not currently claim SOC 2, ISO 27001, hardware-backed key custody, or universal exchange IP allowlisting. A separately isolated signing service and managed key system are planned infrastructure upgrades; until deployed, authorized web and worker server processes share the application encryption boundary.