Security & architecture

AlgoProven decides whether a trade is allowed under your prop firm's rules. It is deliberately built so that it cannot trade for you, hold your money, or hold your broker login. Here's exactly what it can and can't touch.

No broker credentials Read-only by default No custody of funds Your bot keeps execution
The core boundary

AlgoProven reads state and decides. It never places orders.

The runtime reads account state (balance, open risk, distance-to-breach) through a read-only connection and returns a decision — ALLOW / REDUCE / BLOCK / LOCK. When you turn on Guard mode, the only thing it can do is send a halt / flatten instruction to your own bot or authorized execution bridge — which you control. AlgoProven does not independently place orders, hold broker credentials, or move money.

What's kept — and what isn't

Data we keep

  • Account rule state snapshots (room, drawdown, target %)
  • RuleGate decisions (ALLOW / REDUCE / BLOCK) for your audit log
  • Decision inputs you send (firm, symbol, side, qty, stop risk)
  • Your account email + plan for billing & access

Data we never take

  • Broker usernames, passwords or API secrets
  • Funds, wallets, or withdrawal access — no custody
  • The ability to place, modify or route an order ourselves
  • Anything that lets us trade your account without your bot
API keys

Scoped, prefixed, revocable.

Keys are issued per account (prefix ap_live_ / ap_test_), scoped to the RuleGate + audit endpoints, and revocable at any time from the cockpit. A leaked key can request rule decisions and write to your audit log — it cannot reach a broker, move money, or place a trade, because AlgoProven has no such capability to delegate.

The audit log

An event chain, not a black box.

Every decision your bot asks for can be recorded: signal → check → decision → order/fill → risk → exit → audit. The audit() path is fail-open — if our endpoint is slow or down, your bot keeps trading and the event is simply not written; it never blocks your order path. You can export or request deletion of your audit history.

Outage behavior

If AlgoProven is unreachable, your bot is unaffected by default.

Read-only mode never sits on your order path, so an outage can't stop your bot. For Guard mode, you configure the fallback — continue, reduce, or halt — and that fallback decides, locally, with no call to us. Full detail: what happens if AlgoProven is offline →

Access & admin

Role-gated, server-side, not in your browser.

The cockpit is private-beta and login-gated. Administrative functions are authenticated, role-checked and audited server-side — no admin token is ever placed in the browser. The app host is set to noindex, nofollow, noarchive, nosnippet until public launch, and source/backup file extensions are blocked at the edge.

What NOT to send us

If a field would carry a secret, don’t.

AlgoProven only needs decision inputs — firm, account type, symbol, side, qty, stop risk — and a read-only view of account state. Never send broker usernames or passwords, broker API secrets, withdrawal / 2FA codes, full account numbers, or funds. We have no field for them and no use for them; if you ever find one, treat it as a bug and report it. A rule check needs the shape of the trade, not the keys to the account.

Reporting an issue

Found something? Tell us.

Responsible disclosure is welcome. Email [email protected] with details and we'll respond. Please don't test against other users' accounts or the live trading path.

The whole point: a rule check can't become a risk.

Because AlgoProven never holds credentials or custody, adding it can only make an account safer — never give something new the power to lose money. See it run on a chart you control.

More on trust: offline behavior · status · risk disclosure · terms · privacy