Your funds, your keys, your decisions.
Botely is non-custodial by design. We never see, hold, or route your money. This page is the receipt for that promise.
Five hard rules.
Never custody
We never receive, hold, or route user funds. Signals are emitted; you execute (or don't) on your own account, with your own broker.
Never your private keys
No mnemonic, no seed phrase, no wallet upload. If automation is needed, every paid plan delivers an HMAC-signed webhook to YOUR endpoint.
Never edit history
Closed trades, once published on /performance, are never edited or removed. If a number changes, you'll see a diff in the changelog.
Never anonymous strategies
Every signal is tied to a specific strategy version with a SHA-256 config hash. The hash is pinned per-signal; you can verify which exact ruleset produced what.
Never auto-execute without consent
Autotrade is opt-in and gated by a permissioned Hyperliquid agent wallet you grant from your own wallet (EIP-712 ApproveAgent). The agent's authority is scoped at chain level to place/cancel orders on ETH-USD, SOL-USD, BNB-USD only (no withdrawals, no other markets, no other actions) and is revocable on-chain at any time. Signal-only is the default.
How we protect your data.
Hosting
EU data centres only · GDPR-aligned
Transport
TLS for every request · HSTS · auto-renewing certificates
Auth
Industry-standard password hashing · rotating session tokens · optional 2FA
Data at rest
Encrypted database · access-restricted backups · audit logs retained
Webhook signing
HMAC SHA-256 · rotating secrets per subscriber
Trading venue
Hyperliquid perpetuals · agent-wallet signing · on-chain settlement
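For a subscriber receiving the HMAC-signed webhook described under "Never your private keys" and "Webhook signing", a receiver-side check could look like the following. This is an added example, not Botely's code: the hex signature encoding, signing over the raw request body, the two-secret rotation window, and every name and sample value are assumptions.

```python
import hashlib
import hmac
from typing import Sequence

# Constructed sample values (assumptions, not real Botely secrets or payloads).
CURRENT_SECRET = b"example-secret-2"   # secret issued at the latest rotation
PREVIOUS_SECRET = b"example-secret-1"  # still accepted while rotation overlaps
ACTIVE_SECRETS = [CURRENT_SECRET, PREVIOUS_SECRET]
SAMPLE_BODY = b'{"market":"ETH-USD","side":"long","strategy_hash":"<sha256-placeholder>"}'


def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 over the raw body, as the sender is assumed to compute it."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(body: bytes, signature_hex: str, secrets: Sequence[bytes]) -> bool:
    """Return True only if the signature matches the raw body under an active secret.

    `body` must be the exact bytes received on the wire. Verifying a parsed and
    re-serialised JSON object can fail (key order, whitespace) or hide tampering.
    """
    try:
        received = bytes.fromhex(signature_hex)
    except (ValueError, TypeError):
        return False  # malformed signature: reject before any HMAC work
    if len(received) != hashlib.sha256().digest_size:
        return False
    matched = False
    for secret in secrets:
        expected = hmac.new(secret, body, hashlib.sha256).digest()
        # Constant-time comparison; check every secret rather than returning
        # early, so timing does not reveal which secret matched.
        matched |= hmac.compare_digest(expected, received)
    return matched


if __name__ == "__main__":
    good = sign(CURRENT_SECRET, SAMPLE_BODY)
    print("current secret accepted:", verify_webhook(SAMPLE_BODY, good, ACTIVE_SECRETS))
    old = sign(PREVIOUS_SECRET, SAMPLE_BODY)
    print("previous secret accepted:", verify_webhook(SAMPLE_BODY, old, ACTIVE_SECRETS))
    tampered = SAMPLE_BODY.replace(b"ETH-USD", b"SOL-USD")
    print("tampered body accepted:", verify_webhook(tampered, good, ACTIVE_SECRETS))
```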
Find a bug? Tell us.
If you spot a security issue (auth bypass, signal forgery, data leak, anything else), email us before posting publicly. We don't run a paid bounty yet but we credit reports and fix fast.
security@botely.trade