Security

How We Protect Your Money

Last updated: April 2026

SniperMachine is built on a simple principle: your funds never leave your exchange. We connect to your account via API keys — nothing more. Below is a full explanation of every security measure in place.

Non-Custodial by Design

SniperMachine never holds, touches, or controls your funds. Your money stays on your exchange (Binance, Alpaca, or your own wallet) at all times. We only execute trades on your behalf using read and trade permissions — nothing else.

We are not a custodian. We cannot transfer, move, or access your balance in any way other than placing and closing trades within the limits of your plan.

AES-256 Encryption at Rest

All API keys you provide are encrypted using AES-256 before being stored in our database. This is the same encryption standard used by financial institutions and government agencies worldwide.

Keys are decrypted only at the moment a trade is executed — and only in server memory, never written to disk in plaintext.

No Withdrawal Access — Ever

When connecting your exchange, you must create an API key with read and trade permissions only. Withdrawal permission must remain disabled.

SniperMachine will never ask you to enable withdrawal access. If you receive any message claiming to be from SniperMachine asking for withdrawal-enabled keys, treat it as a phishing attempt.

Secured Server Infrastructure

All API keys and user data are stored on a dedicated Hetzner VPS with restricted access. The server runs behind a firewall with all unnecessary ports closed. Database access is not exposed to the public internet.

No third party has access to the stored API keys. Our team accesses server data only through authenticated, encrypted SSH connections.

What Happens When You Cancel

If you cancel your subscription or delete your account, your API keys are immediately and permanently deleted from our database. We do not retain them in backups after deletion.

You should also revoke the API key directly on your exchange after cancelling — this is the safest practice regardless of what any service claims to do with your keys.

Two-Factor Authentication Recommendation

We strongly recommend enabling 2FA (Two-Factor Authentication) on your exchange account. This protects your exchange account independently of anything SniperMachine does.

Even if your exchange login credentials are compromised, 2FA prevents unauthorized access. Most exchanges support Google Authenticator or a hardware key (YubiKey).

Questions about security? Email us at support@snipermachine.com