Trust

Security

How Leomonk handles credentials, user access, and safer operating boundaries.

Back To Home System Status

Credential handling

Exchange credentials are encrypted at rest and are not displayed back to users after storage. The server must decrypt credentials in runtime memory only when it needs to place authorized exchange requests.

Because a trading bot must submit exchange orders, true end-to-end encryption is not technically accurate. Our public wording uses the more accurate security position: encrypted at rest, restricted in use, and never requiring withdrawal permission.

Permission boundaries

Withdrawal-enabled keys should not be used.
Trading permissions should be scoped to the exchanges and products the user intends to use.
Users should rotate keys if they suspect compromise.
Users remain responsible for exchange-side permissions, account security, MFA, and IP allowlists.

Operational protections

Leomonk includes guardrails, status surfaces, logs, and ledger reconciliation tools. These controls reduce operational confusion but cannot eliminate exchange outages, market gaps, slippage, liquidity failures, API downtime, or user configuration mistakes.