Security by Design
Your private keys are never stored. They’re transmitted, used to sign transactions, and immediately discarded.
- No database of wallets to hack: we don’t have your keys
- A stolen API key is useless: attackers can’t do anything without your private keys
- No single point of failure: your assets remain under your control
Even if someone gains access to your Launchpad Trade account or API key, they cannot access your funds without your private keys.
How Your Data is Protected
| Data | Storage | Protection |
|---|---|---|
| Private keys | Never stored | Transmitted via TLS, used once, discarded |
| Encrypted database | KMS/HMS encryption | |
| API key | Encrypted database | KMS/HMS encryption |
| Transaction logs | Not stored | No transaction history retained |
Encryption Standards
Your account data (email, API key) is stored in an encrypted database protected by:- KMS (Key Management Service): secure key storage and rotation
- HMS (Hardware Security Module): hardware-level encryption
Transaction Flow
When you make a trade through the API, here’s what happens:Infrastructure
Your requests are protected by enterprise-grade security:- DDoS protection: automatic mitigation of attacks
- TLS encryption: all traffic encrypted in transit
- Private network database: isolated from public internet
- Global edge network: low-latency, distributed infrastructure
Your Responsibilities
While we handle infrastructure security, you’re responsible for:Secure your private keys
Secure your private keys
Your private keys are the master access to your wallets. Keep them:
- In secure, encrypted storage
- Never in client-side code or public repositories
- Backed up in a safe location
Protect your API key
Protect your API key
Your API key authenticates your requests. Store it in environment variables and never expose it publicly.See Authentication for details.
Use secure servers
Use secure servers
Run your trading scripts on secure, trusted servers. Follow our Best Practices for optimal setup.