Your Funds Stay Safe
Kelor never has control over your funds. Everything stays in your exchange accounts where it belongs.
Funds Stay in Exchange
Your funds always remain in your exchange accounts. Kelor never touches or has custody of your assets.
Trade API Only
All transactions are executed through exchange Trade APIs. We only send trading instructions, never move funds.
You're Always in Control
You can revoke Kelor's access anytime by deleting the API key from your exchange. Instant disconnect.
Never Grant Withdrawal Permission
Kelor will never ask for withdrawal permissions and does not support any withdrawal features. This is a core security principle.
No Withdrawal Support
Kelor's platform does not and will never support withdrawal functionality. We cannot move your funds out of exchanges.
Required Permissions Only
Kelor only needs specific permissions to function properly. Nothing more, nothing less.
How We Protect Your Credentials
Your API keys are encrypted and only decrypted when absolutely necessary
Encrypted Storage
All API keys and credentials are encrypted in our database using industry-standard encryption algorithms. Your sensitive data is never stored in plain text.
Decrypt Only When Needed
We only decrypt your API keys when making private API calls to exchanges on your behalf. The keys are decrypted in memory, used, and immediately discarded.
Secure Infrastructure
Our servers are protected with multiple layers of security including firewalls, intrusion detection, and regular security audits.
Encryption Flow
You create API key on exchange
Without withdrawal permissions
API key encrypted and stored
Using AES-256 encryption
Decrypted only for API calls
In memory, never logged or stored
Key immediately discarded
After API call completes
Security Best Practices
Follow these guidelines to keep your account and funds secure
Use IP Whitelisting
When creating API keys, enable IP whitelisting if your exchange supports it. This adds an extra layer of security.
Regular API Key Rotation
Periodically regenerate your API keys as a security best practice, especially if you suspect any compromise.
Monitor API Activity
Check your exchange's API activity logs regularly to ensure all API calls are legitimate and expected.
Enable 2FA on Exchange
Always enable two-factor authentication on your exchange accounts for maximum security.
Review Permissions Regularly
Periodically review the permissions granted to Kelor and ensure they remain appropriate for your usage.
Never Share API Keys
Your API keys are like passwords. Never share them with anyone or post them publicly.
What We Monitor
Our security team actively monitors for suspicious activity
Unusual Activity
We monitor for unusual patterns in API usage, trading behavior, and access patterns that might indicate compromise.
Login Locations
We track login locations and alert you to access from new or suspicious geographic locations.
System Vulnerabilities
We conduct regular security audits and vulnerability assessments to identify and fix potential security issues.
Our Security Commitments
What you can always count on from Kelor
No Fund Custody
We will never hold, custody, or have direct access to your funds.
No Withdrawal Features
Our platform will never support or request withdrawal permissions.
Encrypted Credentials
All API keys are encrypted at rest and only decrypted when necessary.
Transparent Operations
Clear communication about what we do and don't do with your data.
Instant Revocation
You can revoke our access anytime by deleting API keys from your exchange.
Regular Security Audits
Ongoing security assessments to maintain the highest standards.
Security Questions?
Our security team is here to address any concerns about how we protect your data