SECURITY & RISK

SPOTGOBOT is non-custodial. It executes spot orders on your exchange — nothing more.

SPOTGOBOT’s scope is to automate spot execution with explicit risk limits. This page explains API permissioning, key management and encryption, execution guardrails, and the controls you always retain (pause/disable, exposure caps, logs).

Spot, no leverage Withdrawals disabled Stop anytime

SPOTGOBOT security principles

  • Non-custodial: funds always remain on the exchange.
  • API keys are created by you, with the minimum permissions required.
  • No withdrawal permission (withdraw) on the keys used by the bot.
  • Risk limits per pair/strategy (sizing, max entries, filters, cooldowns).

Even with these protections, crypto trading is risky. Use the bot only with amounts you can afford to lose.

1. Exchange connections and API permissions

Minimum API permissions

  • We use API keys that you create on supported exchanges.
  • Currently on: BINANCE/MEXC.
  • Required configuration: spot permissions only (trade + read).
  • Withdrawals disabled on the keys used by the bot (no withdraw permission).
  • You can revoke the key at any time directly on the exchange.

SPOTGOBOT uses these keys to read balances, stream prices, and place BUY/SELL orders according to your execution rules. All custody and account control remains on the exchange side.

Key storage and encryption

  • Keys are stored encrypted using secret-management services.
  • The dashboard never shows the API secret again after saving.
  • Access to decrypted secrets is restricted to the execution service.
  • You can delete/rotate the key and update the dashboard whenever you want.

The objective is to minimize the attack surface: limit where keys exist, encrypt at rest, and restrict which services can access them.

2. Risk limits and bot control

Risk controls in the strategy

  • Buy Amount: position size per entry.
  • Max Number of Buys: maximum ladder depth (simultaneous entries).
  • Per-pair exposure caps so you don’t allocate more than intended.
  • You can stop at any time.

Think of these controls as risk guardrails: even during high volatility, the bot will not exceed the limits you set.

Pause, turn off, and test mode

  • The bot can be paused or turned off at any time.
  • Test/sandbox mode to try configurations with reduced risk.
  • Execution logs so you can audit what the bot did and why.
  • Support team can force a pause in case of a serious incident.

You retain the kill switch: if you’re not comfortable with the bot’s behavior, pause/disable execution and review the logs and settings.

3. What SPOTGOBOT is — and what it is not

What SPOTGOBOT is

  • A spot execution bot for rule-based entries/exits.
  • A dashboard to manage execution parameters and risk controls.
  • A way to reduce emotional trading by following predefined rules.

In short: an execution tool to place orders within the guardrails you configure.

What SPOTGOBOT is not

  • It is not an exchange and it does not custody your funds.
  • It is not financial advice and it does not guarantee profits.
  • It does not control deposits, withdrawals, or KYC on the exchange.
  • It does not eliminate crypto market risk.

Outcomes depend on market conditions, liquidity/slippage, the strategy, and your parameterization. Losses can occur.

4. Subscription payments in crypto

How payments work

  • SPOTGOBOT subscriptions are paid in stablecoins USDC or USDT.
  • Supported networks: Solana.
  • Before any real charge, the wallet address and the correct network to use will be clearly indicated.
  • Service access is activated after the payment is confirmed on the chosen network.

This helps reduce fees and makes payments easier from exchanges that already support USDC/USDT on this network.

Payment risks and best practices

  • Sending funds on the wrong network can mean a total loss of the amount sent.
  • Always confirm the coin, network, and address before approving the transfer in your exchange or wallet.
  • Network fees vary with blockchain load; Solana typically has low fees.
  • Only use stablecoins from legitimate sources (known exchanges or secure wallets).

If in doubt, first send a small test transfer and confirm receipt before sending larger amounts.

5. Best practices recommended for you

Exchange security

  • Enable 2FA (two-factor authentication) on the exchange.
  • Use a strong, unique password or even passkeys.
  • Periodically review active API keys and remove those you don’t use.
  • Verify that the access IP or location matches what you expect.

Personal risk management

  • Start with small amounts until you’re comfortable with the bot.
  • Do not allocate capital you cannot afford to lose.
  • Avoid constantly changing strategy based on emotions.
  • Review results periodically and adjust parameters calmly.

Digital hygiene

  • Do not share screens with API keys visible.
  • Do not send keys or secrets via chat/email.
  • Keep your operating system and browser up to date.
  • Use a password manager to reduce human error.

Security first. Validate execution with small size.

Before allocating meaningful capital, validate your configuration in sandbox/testnet (where available) or with small size in live. Use this page as a checklist: API permissions, withdrawals disabled, exposure caps, and a clear plan for monitoring.

See how it works See dashboard controls