Your funds are stored safely on your exchange account, BitSpreader just executes orders on your behalf on the exchange using the API key that you have provided.
BitSpreader never does any transfers of your funds.
For further increase of security we strongly encourage you to not provide any API keys that have privilege to execute transfers - please refer to your exchange API key settings to make sure to reduce the API key privileges just to the most necessary (balance, history, trading).
Your API keys are encrypted with highest security standards and available only in the internal layer of the BitSpreader services safely hidden behind the firewalls and not accessible from the website. Encryption keys are safely stored in the digital vault.
For managing your API keys we follow write-only pattern - once you have provided your API key, the BitSpreader has stored it internally for the trading purposes and doesn't expose it even to you for editing. If you need to update the API key - you need to delete the old key and provide the updated one. This approach secures your keys in case you lose access to your BitSpreader account.
In order to further increase your security we require ALL the users to use two-factor authentication. Every time you sign in to the platform you need to provide security code generated by the two-factor application on your mobile phone - ie Google Authenticator or FreeOTP that needs to be set up during the registration process.