Security and your data

Viktury is a journal, not a trading bot. It only ever needs to read your trade history, so the way it is built reflects that.

Read-only keys, always

When you connect an exchange, Viktury only ever asks for read permission. It never requests permission to place trades and never requests permission to withdraw. When you create the API key on your exchange, you enable view or read access and leave trading and withdrawals switched off. Even if a key were somehow exposed, a read-only key cannot move your funds. This is the single most important habit when connecting any account, so every connect guide repeats it.

How your keys and data are stored

Your API keys and your trade data are stored encrypted, both at rest and in transit. Exchange keys get an extra layer of encryption on top of that, and they are never kept in plaintext. You can disconnect an account at any time, which removes its stored key.

Deleting your account

You can delete your account from your settings. When you do, your data moves into a 30-day archive rather than vanishing instantly. During that window the account is gone from the app but recoverable if you reach out, which protects you against an accidental or regretted deletion. After 30 days the archived data is removed for good.

Who processes your data

Viktury runs on cloud infrastructure (Amazon Web Services) for hosting, storage, and email. Payments are handled by Stripe, so card details go to Stripe rather than to us. Error monitoring (Sentry) helps us catch and fix problems. The privacy page in your Viktury dashboard lists these processors in full and is the authoritative version. If you have a specific data question, the contact form reaches us directly.