Your API keys are stored locally

Credentials are kept in your browser's local storage and sent directly to exchange APIs. We never store them on any server. For security, use API keys with trading permissions only — disable withdrawal permissions.