Security is non-negotiable
ForgeTrader is built with bank-grade security from the ground up. Your API keys are encrypted, your funds never leave your exchange, and we never request withdrawal permissions.
AES-256 Encryption
All sensitive data, including API keys, is encrypted using AES-256, the same encryption standard used by banks and governments worldwide.
- API keys encrypted at rest with AES-256-GCM
- All data in transit protected with TLS 1.3
- Encryption keys stored in hardware security modules (HSM)
- Regular key rotation on a scheduled basis
- Zero-knowledge architecture — our team cannot see your keys
- Encrypted backups with separate encryption keys
AES-256 Encryption
All sensitive data, including API keys, is encrypted using AES-256, the same encryption standard used by banks and governments worldwide.
Non-Custodial Model
ForgeTrader never holds, controls, or has access to your funds. Your cryptocurrency stays on your exchange at all times. We simply send trade signals.
- Funds never leave your exchange account
- We cannot initiate withdrawals or transfers
- You maintain full control of your assets at all times
- No custodial risk — your keys, your crypto
- Withdraw directly from your exchange anytime
- No minimum balance requirements on ForgeTrader
Non-Custodial Model
ForgeTrader never holds, controls, or has access to your funds. Your cryptocurrency stays on your exchange at all times. We simply send trade signals.
Trade-Only Permissions
We only request the minimum API permissions needed: read market data and place trades. Withdrawal permissions are never requested or accepted.
- Read-only market data access
- Trade execution permission only
- No withdrawal permission requested — ever
- IP whitelisting support for extra security
- API key validation checks for excessive permissions
- Automatic alerts if key permissions are too broad
Trade-Only Permissions
We only request the minimum API permissions needed: read market data and place trades. Withdrawal permissions are never requested or accepted.
Enterprise-grade data practices
Beyond our three security pillars, we implement comprehensive data security practices across our entire infrastructure.
Data Encryption
All data encrypted at rest and in transit using industry-standard protocols.
Secure Infrastructure
Hosted on SOC 2 compliant infrastructure with 24/7 monitoring and intrusion detection.
Access Control
Role-based access control with multi-factor authentication for all team members.
Audit Logging
Comprehensive audit trails for all system access and configuration changes.
Automated Backups
Encrypted backups with geographic redundancy. Tested recovery procedures.
24/7 Monitoring
Real-time security monitoring with automated threat detection and incident response.
Trade with confidence
Your security is our top priority. Start your free trial knowing your assets and data are protected.