Botely security overview
Plain-language summary of what Botely sees, never sees, and how the on-chain permissioned-key model bounds the blast radius if anything is compromised.
What Botely sees
Your account email + your dydx1… owner address (public).
Encrypted-at-rest copy of your trading-key private key (AES-256-GCM with a server-side master key). This is for Phase 1 readiness — in Phase 0 the bot reads the key from its own host's .env, not from this DB row.
Trade history of signals delivered to you. Strategy parameters (public). Bot toggle state.
What Botely NEVER sees
Your wallet mnemonic / recovery phrase. Keplr or Ledger hold it. It is never sent to Botely under any circumstance.
Your trading-key private key in cleartext after the initial register POST. The server encrypts it immediately and only stores the ciphertext.
Your Stripe payment card details. Stripe handles payments; Botely receives only a customer ID.
Blast radius if various things leak
Trading key leaks: attacker can place/cancel orders on ETH/SOL/BNB sub 0. Cannot transfer or withdraw. You revoke + rotate (~$0.50 gas) and you're clean. See trading-key-security-model for the full whitelist details.
Botely server compromise: attacker gets encrypted trading-key blobs but cannot decrypt them without the server-side master key (which lives in a separate env var on a separate hardening tier). Even decrypted, see point above — the keys are heavily scoped.
Your mnemonic leaks: catastrophic — see the wallet-compromise runbook. The chain has no way to roll this back; the attacker can move funds. Don't store the mnemonic on any internet-connected device beyond a hardware wallet's secure element.
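The server-compromise case above depends on AES-256-GCM refusing to release a key unless the master key and the stored blob both match. The sketch below is an added example, not Botely's code: it seals a key, then shows that a wrong master key, a blob moved to another account, and a modified blob all fail. The function names, the blob layout and the use of the owner address as associated data are assumptions of this example.

```javascript
// Added example (not Botely's code): AES-256-GCM sealing of a trading key at rest.
const crypto = require('crypto');

// Assumption: a real service loads 32 random bytes from its environment.
// Generated here so the example runs offline.
const MASTER_KEY = crypto.randomBytes(32);

// Encrypts privateKey. ownerAddress is bound as associated data (an assumption
// of this example) so a blob copied onto another account's row fails to open.
function sealTradingKey(masterKey, ownerAddress, privateKey) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', masterKey, iv);
  cipher.setAAD(Buffer.from(ownerAddress, 'utf8'));
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  // Stored blob layout (hypothetical): iv (12) || tag (16) || ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Returns the plaintext key, or null when the master key, owner or blob is wrong.
function openTradingKey(masterKey, ownerAddress, blob) {
  if (blob.length < 28) return null; // too short to hold iv + tag
  const iv = blob.subarray(0, 12);
  const tag = blob.subarray(12, 28);
  const ct = blob.subarray(28);
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', masterKey, iv, { authTagLength: 16 });
    d.setAAD(Buffer.from(ownerAddress, 'utf8'));
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]); // final() throws on tag mismatch
  } catch (err) {
    return null; // authentication failed: no plaintext is released
  }
}

function demo() {
  const owner = 'dydx1exampleowner';     // constructed placeholder address
  const secret = crypto.randomBytes(32); // constructed stand-in for a trading key
  const blob = sealTradingKey(MASTER_KEY, owner, secret);
  const tampered = Buffer.from(blob);
  tampered[30] ^= 1;                     // flip one ciphertext bit
  return {
    roundTrip: openTradingKey(MASTER_KEY, owner, blob).equals(secret),
    wrongMasterKey: openTradingKey(crypto.randomBytes(32), owner, blob),
    otherAccount: openTradingKey(MASTER_KEY, 'dydx1otherowner', blob),
    tampered: openTradingKey(MASTER_KEY, owner, tampered),
  };
}
console.log(demo());
```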
Code transparency
The trading bot + SaaS are both in the same repo. Anything described in these guides can be verified by reading the code.
The /security page lists external audits and code-review history.