TRUST

How we handle your money, your keys and your data

Effective: April 2026

TMIYC is a market intelligence terminal and a paper-trading sandbox. For the Whale tier it also executes real orders on exchange accounts you own. This page makes our handling of funds, keys, data and disputes legible — no marketing gloss.

Security posture at a glance

We treat every dollar that touches TMIYC like it will be actively targeted:

  • Hot-wallet private keys live on an isolated signer VM. The public API cannot read them — it can only submit signature requests over mTLS, rate-limited and bounded by a daily USD ceiling.
  • Transactions above a configurable threshold require multi-signature approval from two independently hosted keys. A single compromised server cannot move those funds.
  • Cold storage is swept automatically once a day; only the operational float sits on hot wallets.
  • All admin actions are written to a hash-chained audit log. Tampering with past entries invalidates every entry that followed.
  • Database and backups are encrypted at rest (AES-256-GCM); backups are stored off-site with a separate provider (Backblaze B2) and periodically restore-tested.

Your exchange API keys

When you connect a Bybit / Binance / OKX / KuCoin / Bitget / MEXC / Gate.io account we ask for read + trade permissions only — never withdrawal. The key pair is encrypted with a project-wide KMS key before it lands in Postgres. We recommend IP-whitelisting our egress IPs (listed on /en/security) on the exchange side. You can revoke a key from /app/settings at any time; the record is hard-deleted and the in-memory cache is flushed within 60 seconds.

How payments actually work

Subscriptions and marketplace escrows run on TMIYC's own wallet addresses across BTC, ETH/USDT-ERC20, BNB/USDT-BEP20, USDT-TRC20, Solana and Polygon.

  • Each invoice is generated with a unique random decimal suffix so we can match your transfer unambiguously, even in heavy traffic.
  • Escrow is held in a segregated operational wallet. Release requires a GARANT-role operator to sign off in the private @tmiyc_admin_bot — funds cannot be moved by a single employee acting alone.
  • We do not custody user wallets and we do not offer a wallet feature. TMIYC never asks for a seed phrase.

Personal data

We collect: email, chosen nickname, hashed password (Argon2id), 2FA secret (optional, TOTP), optional Telegram id, exchange API keys as described above, and usage telemetry needed to render the /app terminal. We do not sell data. We do not run third-party ad-network tags. Account deletion is self-serve in /app/settings — it hard-deletes the user row and every dependent record within 30 days, minus the legal-retention minima required for accounting.

Audit trail

Every privileged action — role change, balance move, escrow release, kill-switch trigger, withdrawal approval — is written to an append-only log. Each entry is chained by SHA-256 hash to the previous one, so any retroactive edit breaks the chain for every entry that followed. A read-only view of the chain head is published daily in the Admin panel for the ADMIN role; we publish an anonymised monthly summary on this page.
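
The chaining property described above, as an added example that is not TMIYC's own code: a verifier that reports the first entry where the chain breaks and compares the final hash against a published chain head. The entry layout, field names, all-zero genesis value and sample records are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry


def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always serialises to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, record):
    """Append a record, linking it to the hash of the previous entry."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev_hash": prev, "record": record,
                "hash": entry_hash(prev, record)})
    return log[-1]["hash"]


def verify(log, published_head=None):
    """Return (ok, index of first bad entry or None).

    An index equal to len(log) means the entries are self-consistent but the
    chain does not end at the published head (truncation or full rewrite).
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev:
            return False, i
        if entry["hash"] != entry_hash(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    if published_head is not None and prev != published_head:
        return False, len(log)
    return True, None


def build_sample():
    # Constructed sample entries, not real audit data.
    log = []
    append(log, {"actor": "admin-1", "action": "role_change", "target": "u42"})
    append(log, {"actor": "garant-3", "action": "escrow_release", "amount_usd": 250})
    append(log, {"actor": "admin-1", "action": "kill_switch", "reason": "test"})
    return log


if __name__ == "__main__":
    log = build_sample()
    head = log[-1]["hash"]
    log[1]["record"]["amount_usd"] = 1      # retroactive edit
    print(verify(log, head))                # chain breaks at the edited entry
```

Without an independently stored head, a log whose last entries were dropped still verifies as internally consistent; the comparison against the published head is what catches that case.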

Marketplace escrow & disputes

When you buy or sell on the strategy / account / goods marketplace, the payment is held by our auto-guarantee bot. Funds release only after the buyer confirms delivery, or after a GARANT-role operator rules in a dispute. Disputes follow a fixed procedure: (1) 72-hour evidence window for both parties, (2) GARANT review, (3) appeal window to ADMIN if either party disagrees. We publish per-quarter resolution statistics.

Disclosures we make

We tell you, in plain text, when: a bot you follow underperforms its backtest, a strategy is paused for a regime shift, an incident affects your data, a pricing change lands, or a jurisdiction is being geo-blocked (live trading is unavailable in the US and UK). These announcements go to the logged-in /app inbox, to the public changelog and (when they are user-impacting) to your email.

Questions, concerns, disclosures

Security reports go to security@tmiyc.trade (PGP key on the Security page). Everything else — billing, disputes, data requests — goes to support@tmiyc.trade or through the /app/support ticket system.

See the security Hall of Fame