API Keys Security Policy

Zenith 8 Crypto requires only two permissions on your exchange API keys: Read (account & market data) and Trade (spot and/or futures, depending on plan).

The Withdraw permission must remain disabled. We strongly recommend you create exchange keys without withdrawal rights — the application is designed never to request or use that permission.

Where your exchange supports it, we recommend whitelisting the server IP addresses used by Zenith 8 Crypto on each API key. This prevents the key from being used from anywhere except authorized infrastructure, even if it were intercepted.

Zenith 8 Crypto runs on your own computer. Your exchange API keys are stored locally in your operating system’s native credential vault (Windows Credential Manager / DPAPI) and are never transmitted to, or stored on, 3Algos servers.

Protect your 3Algos account with a strong, unique password. We strongly recommend enabling two-factor authentication at your exchange as well, so that key creation and account changes on the exchange side are independently protected.

Key actions on your account — sign-ins, key changes and trade activity — are recorded so that you and our support team can review them if needed.

You retain control of your connected bots at all times: you can pause automated trading and close managed positions from your dashboard and from the application itself.