Security

Your funds, your keys. Here is how Predictr keeps your wallet and data secure.


Non-Custodial by Design

Predictr is a non-custodial trading bot. This means:

  • You hold the private key -- not us, not any third party.

  • You can export your key at any time and use it independently.

  • No central authority can freeze, seize, or move your funds.

Even if the Predictr servers go completely offline, you retain full control of your wallet and positions.


Wallet Architecture

Every Predictr user gets a SAFE smart contract wallet on the Polygon network.

  • Private key generation -- An Ethereum private key is generated locally using a cryptographically secure random number generator (crypto/rand).

  • SAFE derivation -- The SAFE wallet address is derived deterministically from your key using CREATE2. This means the address is predictable and verifiable -- the same key will always produce the same wallet address.

  • SAFE deployment -- The smart contract is deployed on-chain via Polymarket's relayer. If deployment fails (e.g., due to network issues), it is automatically retried on your next transaction.

  • On-chain standard -- SAFE is the most widely used smart account standard on Ethereum, securing billions of dollars across DeFi.


Encryption

Private keys are never stored in plaintext. Every key is encrypted before it touches the database.

  • Algorithm -- AES-256-GCM (Advanced Encryption Standard, 256-bit key, Galois/Counter Mode)

  • Key size -- 256-bit (32 bytes)

  • Nonce -- Unique, cryptographically random nonce generated per wallet

  • Authentication -- GCM provides built-in authenticated encryption; any tampering with the ciphertext is detected

  • Storage -- Encrypted private key + nonce stored in PostgreSQL. The encryption key is held in an environment variable, never in the database.

AES-256-GCM is used by governments, financial institutions, and military organizations worldwide. It provides both confidentiality (the stored ciphertext is unreadable without the encryption key) and integrity (any modification of the stored data is detected when it is decrypted).
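As an added illustration of the scheme described above (example code, not Predictr's own), the following Go snippet seals a private key with AES-256-GCM under a 32-byte key-encryption key, draws a fresh nonce from crypto/rand, stores nonce || ciphertext || tag as one record, and fails closed when a stored record has been altered. Function names and the record layout are assumptions; in a real service the key-encryption key would be loaded from an environment variable rather than passed in by a caller.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// newGCM builds an AES-256-GCM AEAD from the 32-byte key-encryption key (KEK).
func newGCM(kek []byte) (cipher.AEAD, error) {
	if len(kek) != 32 {
		return nil, errors.New("KEK must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealKey encrypts a raw private key with a fresh crypto/rand nonce; the
// returned record (nonce || ciphertext || tag) is what the database row holds.
func sealKey(kek, privKey []byte) ([]byte, error) {
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, privKey, nil), nil // nonce stays as the prefix
}

// openKey decrypts a record; GCM's tag check turns any flipped byte into an
// error instead of silently returning a corrupted key.
func openKey(kek, record []byte) ([]byte, error) {
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize() {
		return nil, errors.New("stored record is shorter than a nonce")
	}
	nonce, ct := record[:gcm.NonceSize()], record[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}
```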


Key Export

You are never locked in. At any time, you can:

  1. Go to Settings > Export Private Key.

  2. Acknowledge the security warning.

  3. View and copy your private key.

With this key, you can:

  • Import into MetaMask or any EVM-compatible wallet

  • Access polymarket.com directly

  • Interact with your SAFE wallet through app.safe.global

  • Recover your funds from any device, even if Predictr is unavailable


Trading Credentials

To execute trades on Polymarket's CLOB (Central Limit Order Book), API credentials are required.

  • Derivation -- Credentials are derived from your wallet's private key using Polymarket's standard authentication flow (L1 browser-style signatures for SAFE wallets, then upgraded to L2 API credentials).

  • Encrypted storage -- Derived credentials are encrypted with AES-256-GCM (same standard as private keys) and cached in the database for faster subsequent trades.

  • Automatic re-derivation -- If cached credentials are missing or invalid, they are re-derived from your private key on the next trade.

At no point are your raw credentials exposed or transmitted in plaintext.


No Custodial Risk

Traditional crypto platforms hold your funds in their own wallets. If they get hacked, go bankrupt, or disappear, your funds are gone.

Predictr is different:

  • Your wallet is a SAFE smart contract that only you control.

  • The private key is encrypted and exportable -- you can move your funds at any time.

  • Even if our servers go permanently offline, you can recover everything by importing your private key into any Ethereum wallet and accessing Polymarket directly.

  • All trades execute on-chain through Polymarket's public infrastructure.


Best Practices

Follow these guidelines to keep your account secure:

  • Never share your private key -- Predictr staff will never ask for it. Anyone who has your key can take your funds.

  • Enable Telegram 2FA -- Go to Telegram Settings > Privacy & Security > Two-Step Verification. This prevents unauthorized access to your Telegram account.

  • Use a strong Telegram password -- Avoid simple PINs. Use a long, unique password.

  • Beware of phishing bots -- Only interact with the official @predictr_trade_bot. Scammers may create lookalike bots.

  • Verify the bot username -- Always check that you are chatting with @predictr_trade_bot before entering sensitive information.

  • Export and back up your key -- If you have significant funds, export your private key and store it in a secure password manager. This is your recovery backup.
