Security

Strata Pro is a local-first application. Your credentials, trading data, and positions stay on your device. Here's exactly how it works.

Credentials in OS Keychain

Your API key and private key are stored in your operating system's native secure credential storage — macOS Keychain, Windows Credential Manager, or Linux Secret Service. They are encrypted at rest and never transmitted to Strata servers.

Code Signed & Notarized

The macOS build is signed with a Developer ID certificate and notarized by Apple. This guarantees the app hasn't been tampered with and comes from a verified developer. Windows uses standard MSI packaging.

No Tracking or Telemetry

Strata Pro does not contain analytics, telemetry, or surveillance code. There are no usage trackers, no session recording, and no data shared with third parties. The app connects only to your exchange and our license server.

Everything Stays Local

All trading activity — orders, fills, positions, P&L — is processed and stored locally on your device. There is no cloud sync, no server-side storage, and no way for us to see your trading data.

What leaves your device

Three things. That's it.

Transmitted

  • License key — checked every 24 hours against our license server to verify your subscription
  • Machine ID — a random UUID (not a hardware fingerprint) used to enforce single-device licensing
  • App version — sent at startup to check for updates, included in license checks

Never transmitted

  • API credentials (key, private key)
  • Trading activity (orders, fills, cancels)
  • Positions or P&L data
  • Market data or order book snapshots
  • Exchange account information
  • Personal information or email

Technical details

Credential storage
macOS Keychain, Windows Credential Manager, or Linux Secret Service (GNOME Keyring / KWallet). Credentials are encrypted at rest by the OS and are only accessible to the Strata Pro process.
Network connections
All connections use TLS. The app connects to your exchange's API (REST + WebSocket) for trading, our license server for subscription validation, a version check endpoint at startup, and our market data server for pre-cached market metadata. No other outbound connections are made. Your private key is never transmitted — requests are signed locally with RSA-PSS, and only the signature is sent over the wire.
macOS code signing
Signed with a Developer ID certificate and notarized by Apple, so macOS Gatekeeper confirms the app is from a verified developer and hasn't been tampered with.
App permissions
Network access only, for connecting to your exchange. No camera, microphone, location, contacts, screen recording, or file system permissions beyond the app's own directory.
Machine identification
A randomly generated UUID stored locally. Not derived from hardware identifiers like MAC addresses, serial numbers, or disk IDs. Used solely for single-device license enforcement.
Local data
Application logs auto-delete after 7 days. Trading logs auto-delete after 30 days. No data is uploaded anywhere. Credentials stored in your OS keychain can be cleared from the Settings menu.

For full legal details, see our Privacy Policy and Terms of Service. Questions? Reach out on Discord.

Download Strata Pro