Security

Zero storage by design. Here is exactly what happens to your keys.

🔒 The short version: we never store your exchange API keys or secrets. They are encrypted the moment you submit them, handed straight back to you inside your alert files, and forgotten. There is no database of keys to breach.

How key handling works

When you connect an exchange in the builder, your API key and secret are sent over TLS to the StrategyFactory encryption service, encrypted with AES-256, and returned to your browser in encrypted form. The plaintext is discarded. The encrypted values are placed inside the TradingView alert files the builder generates for you, and that is the only place they live. trigger.trade has no key database, no stored credentials, and no way to look your keys up after the page closes.

What your alert files contain

The generated files carry your encrypted credentials. They cannot be decrypted by you or anyone else outside the StrategyFactory execution service, but they do authorize trades on your account through that service. Treat the files like a password:

What we actually hold

That is the complete list. No exchange keys, no balances, no positions, no trade history.

Recommendations for your exchange API key

Transport and infrastructure

All traffic runs over HTTPS. Encryption happens server-side on the StrategyFactory infrastructure; plaintext keys are never written to logs or disk. The website itself is a static application with no backend of its own, which keeps the attack surface deliberately small.

Reporting a vulnerability

If you believe you have found a security issue, email [email protected]. We appreciate responsible disclosure and will respond as quickly as we can.