Security & Trust

Your Security is Our Priority

Trading requires trust. SurgePilot is designed from the ground up to be the most secure way to automate your crypto portfolio.

Built for Safety,
Designed for Trust.

The primary risk in automated trading isn't just market volatility. It's platform security. SurgePilot employs institutional-grade security protocols to protect your data and your access.

Non-Custodial Architecture

SurgePilot never touches your actual funds. We only send trade execution commands to your exchange via secure API keys. Withdrawals are strictly prohibited by our system design.

API Key Encryption

Your API keys are encrypted at rest using AES-256 GCM. We use hardware-backed security modules to ensure that your secrets remain secret.

Minimal Permission Scoping

We require only 'Trade' and 'View' permissions. We explicitly guide you to disable 'Withdrawal' permissions on your exchange dashboard for absolute peace of mind.

Security Checklist

AES-256 Encryption for API Secrets
Multi-factor Authentication (MFA) Support
Trade-Only API Permission Enforcement
Encrypted Database Backups
DDoS Protection via Cloudflare
Sandboxed Strategy Execution

Important: SurgePilot will never ask for your exchange password or withdrawal permissions. Always keep your API secrets private.