Before I put my Polymarket private key into the bot, I want to understand the security. Where is the key stored? Does it get sent anywhere? How do I know the software is safe to run?

Fair question — here's exactly how it works:

- Your private key never leaves your machine. It's stored in the Windows Credential Manager (the OS-level secure keyring), never written to disk in plain text, never transmitted to our servers or anyone else.
- Trades execute locally. The bot signs orders on your own PC and sends them directly to the Polymarket API. We never see, hold, or route your funds — there's no custody. Your capital stays in your own Polymarket wallet at all times.
- What the software connects to: the Polymarket API (to read markets and place your orders) and our forecast/license server (to fetch the model ensemble values and validate your license). Nothing else.
- The installer is code-signed under a validated publisher identity, so Windows can verify it hasn't been tampered with.
- No trade telemetry. We don't collect or sell your trading activity.

In short: it's a local tool that uses your keys on your machine to trade your own account. We provide the engine and the forecast data; you stay in full control of your funds.

That's reassuring, thanks. The Credential Manager detail is exactly what I wanted to hear — good that it's not sitting in a config file somewhere.

Exactly. A couple of good-practice tips: keep your OS updated, only download the installer from the official dashboard, and treat your private key like any other credential. If you move to a new PC, just install fresh and re-enter your details there — the key doesn't sync anywhere, so there's nothing to "leak" between machines.