What 'non-custodial' actually means when an algo trades for you

Custodial means a service holds your money for you (like a centralized exchange). Non-custodial means you keep your money — the service only acts on it through a limited interface.

Smartbull is non-custodial because your funds never leave your exchange account. We connect via an API key with trade-only permission. We can place and cancel orders. We cannot withdraw, transfer, or even change your account settings.

Every major exchange collapse since 2022 (FTX, several mid-tier shops) wiped out custodial users. Non-custodial users on those exchanges still had their funds locked, but at least the algo platform they used wasn't a second point of failure.

With Smartbull, if we go offline tomorrow, your positions stay on your exchange and you keep trading them manually. Nothing of yours lives on our servers.

To trade for you we read your balance and position list. That data is encrypted in transit (TLS 1.2+) and at rest (AES-256-GCM with per-row IVs). It's gated by Postgres Row-Level Security — even an SQL bug couldn't leak one user's data to another.

The orchestrator runs every minute, decides what to do based on the live walk-forward catalog, and writes one row to <code>bot_orders</code> per decision. You can export the full history from /account → Activity any time.

Two-step recovery:

• Revoke the key on the exchange first. That's the only action that actually stops it.
• Then delete it from /account → Vault.

Even though the key can't withdraw, treat any leak as a compromise — re-issue, re-paste, done in 60 seconds.