How key handling works
When you connect an exchange in the builder, your API key and secret are sent over TLS to the StrategyFactory encryption service, encrypted with AES-256, and returned to your browser in encrypted form. The plaintext is discarded. The encrypted values are placed inside the TradingView alert files the builder generates for you, and that is the only place they live. trigger.trade has no key database, no stored credentials, and no way to look your keys up after the page closes.
What your alert files contain
The generated files carry your encrypted credentials. They cannot be decrypted by you or anyone else outside the StrategyFactory execution service, but they do authorize trades on your account through that service. Treat the files like a password:
- Keep them private. Anyone who has them could fire trades on your account.
- If a file leaks, rotate the API key on your exchange. That instantly invalidates every alert file built from it, and you can regenerate in two minutes.
What we actually hold
- Your sign-in account. Authentication is handled by Clerk (a dedicated auth provider). We see your email address and basic sign-in metadata.
- Standard server logs. Our hosting provider keeps ordinary technical logs (IP address, request paths, timestamps) for security and reliability.
That is the complete list. No exchange keys, no balances, no positions, no trade history.
Recommendations for your exchange API key
- Create a dedicated API key just for auto-trading.
- Give it trade and read permissions only. Always disable withdrawal permissions.
- Consider a sub-account holding only the balance you want the strategy to trade.
- Fire one test alert with a small size and check the position on your exchange before trusting a live strategy.
Transport and infrastructure
All traffic runs over HTTPS. Encryption happens server-side on the StrategyFactory infrastructure; plaintext keys are never written to logs or disk. The website itself is a static application with no backend of its own, which keeps the attack surface deliberately small.
Reporting a vulnerability
If you believe you have found a security issue, email [email protected]. We appreciate responsible disclosure and will respond as quickly as we can.