Security & Permissions

Your security is our top priority. Here's exactly how we protect your funds and data.

Read-Only Access

Can never touch your funds

AES-256 Encrypted

Military-grade security

Revoke Anytime

You're always in control

The Golden Rule

We can NEVER touch your funds. Period.

TrustCrypto uses read-only API keys that have zero trading or withdrawal permissions. Even if we wanted to (we don't), we physically cannot:

Place trades
Cancel orders
Withdraw funds
Transfer assets
Change account settings
Enable new permissions

How Read-Only APIs Work

When you create an API key on Binance or Bybit, you choose what permissions to grant.

Standard API Permissions Available:

  • Read — View balances and trade history
  • Trade — Place and cancel orders
  • Withdraw — Move funds off the exchange
  • Transfer — Move funds between sub-accounts

What TrustCrypto Requires:

Read (ONLY THIS)
Trade NOT enabled
Withdraw NOT enabled
Transfer NOT enabled

If you accidentally enable trading or withdrawal permissions, delete that API key immediately and create a new one with only read permissions.

What We Can & Cannot See

What We Can See

Trade History

  • Past trades (entry, exit, size, PnL)
  • Position history
  • Order history

Open Positions

  • Current open trades
  • Position size and leverage
  • Unrealized PnL

What We Cannot See

  • Passwords
  • Email address (unless you provide it)
  • 2FA codes
  • KYC documents
  • Payment methods
  • Withdrawal addresses

Data Encryption

API Keys

  • Encrypted at rest using AES-256 encryption
  • Encrypted in transit using TLS 1.3
  • Never stored in plain text
  • Never logged or displayed

Trade Data

  • Stored in secure, encrypted database
  • Access restricted to authorized systems only
  • Regular security audits

IP Whitelisting

When you set up your API key, you restrict it to our server IP:

54.151.142.103

This means even if someone stole your API key (they won't), they couldn't use it from any other location.

What TrustCrypto Is NOT

Let's be crystal clear about what permissions we don't have:

Not a Trading Platform

We never place trades for you. We don't have trading permissions, automated trading features, or copy trading functionality. Your API key is read-only.

Not a Custodian

We don't hold, custody, or have any access to your funds. Your assets stay on your exchange. Always. We cannot withdraw or transfer anything.

Not Affiliated with Exchanges

TrustCrypto is independent from Binance, Bybit, and all other exchanges. We're a third-party analytics service with no special access or partnerships.

What We DO Have Permission For:

  • View your trade history (read-only)
  • Calculate your PnL and statistics
  • Display your verified performance publicly

For more about what we don't offer as a service, see the About page.

What Happens If...

Our Database Is Hacked?

  • Your API keys are encrypted — useless without the decryption key
  • Even with decrypted keys, they're read-only — no funds can be moved

You Want to Stop Using TrustCrypto?

  • Delete your API key on Binance/Bybit
  • OR delete your profile on TrustCrypto
  • We lose all access instantly

Best Practices

Follow these tips to stay extra secure:

1. Enable IP Restrictions

Always add our IP (54.151.142.103) when creating your API key.

2. Never Share API Secrets

Your API secret is like a password. Don't share it publicly or paste it anywhere except TrustCrypto.

3. Monitor Your API Usage

Both Binance and Bybit show API connection logs. Check occasionally to ensure only TrustCrypto is connecting.

4. Revoke Unused Keys

If you stop using TrustCrypto, delete the API key from your exchange.

Platform Security

Infrastructure

  • Hosted on secure cloud infrastructure
  • Regular backups
  • DDoS protection
  • Monitoring and alerting

Development Practices

  • Code reviews for all changes
  • Automated security scanning
  • Minimal data collection
  • No third-party tracking scripts

Compliance & Transparency

What We Do With Your Data

  • Calculate and display trading statistics
  • Generate public profiles
  • Improve platform performance

What We DON'T Do With Your Data

  • Sell it to third parties
  • Share it with advertisers
  • Use it for marketing
  • Train AI models with it

Transparency Log

What We Know About You:

  • Your exchange username (if public)
  • Your trade history
  • Your performance stats

What We Don't Know:

  • Your real name (unless you tell us)
  • Your email (unless you provide it)
  • Your location
  • Your identity

You control your anonymity. Use any username you want on TrustCrypto.

Remember:

Your funds never leave your exchange. TrustCrypto is analytics, not custody.

Related: How It WorksFAQ