Wallet & Trade Security

Alphio is non-custodial for on-chain wallets and read-only-by-default for connected brokers — your funds never sit on Alphio's books.

---

1. On-chain wallets

You can connect on-chain wallets through several paths, all of which leave the private key under your control:

Wallet type	Key custody	Typical use
Privy (embedded)	Managed via Privy, user-controlled, exportable	Default for users without an existing wallet
MetaMask	Local browser extension	Power users with existing setups
WalletConnect	Mobile wallet of your choice	Mobile-first users
External (paste address)	Read-only / watch-only	Tracking without signing

Alphio's backend never stores your private key. Signing happens in the wallet (or Privy's secure environment), not on Alphio servers.

---

2. Privy key management

When you create a wallet through Privy inside Alphio:

• The key is generated inside Privy's secure infrastructure, not on Alphio servers.
• You can export the key at any time and import it into another wallet (MetaMask, hardware, etc.).
• Privy retains the minimum data needed to recover access for you (typically a login identifier and the encrypted key material under its own security model).
• Alphio never sees the raw private key.

If you want full self-custody, exporting to a hardware wallet is supported.

---

3. Hyperliquid agent wallet

To trade perpetuals on Hyperliquid without re-signing every order, Alphio uses an agent wallet model:

• Your main wallet (the one holding funds) authorizes an agent wallet that Alphio manages.
• The agent wallet can place and manage orders on Hyperliquid but cannot withdraw funds — only your main wallet can move assets off the exchange.
• You can revoke the agent wallet at any time from your wallet settings on Hyperliquid.

This keeps active trading smooth without giving Alphio (or anyone else) custody of your principal.

---

4. SnapTrade broker connections

Real broker accounts connect through SnapTrade, an OAuth-style broker aggregator.

• Connections are read-only by default — Alphio can fetch positions, balances, and history without trade permissions.
• Trade execution requires per-order user authorization — every order originates from an explicit confirmation in the Trade Modal, not from a standing automation grant.
• Alphio never stores your broker username / password. Credentials are held by SnapTrade under the broker's OAuth flow.
• You can disconnect a broker at any time from the Broker Connect surface; permissions are revoked immediately upstream.

---

5. Polymarket signed orders

Prediction-market bets on Polymarket use signed CLOB orders:

• Each bet is signed by your wallet at the moment of placement.
• Alphio prepares the order; the signature happens in your wallet — Alphio cannot place an order without that signature.
• USDC settles on-chain through the Polymarket bridge — Alphio never custodies USDC on your behalf.

---

6. Audit logs

Every trade-related action is logged for your review:

• Order placement, modification, and cancellation events
• Wallet binding / unbinding
• Broker connect / disconnect
• Agent wallet authorization changes

You can review activity from the /account/usage ledger surface alongside Credits consumption.

---

7. Incident response

If you suspect your wallet or broker connection is compromised:

1. Revoke immediately — disconnect the affected broker / wallet from Alphio's Connections surface.
2. Revoke upstream — for SnapTrade, also revoke at the broker; for Hyperliquid, revoke the agent wallet on Hyperliquid; for Privy, rotate or export the key.
3. Move funds to a fresh wallet if the private key may have leaked.
4. Contact support — see Wallet & Security FAQ for the full incident checklist and contact path.

---

8. Insurance / coverage

warning

Any custodial insurance or trade-loss coverage policy is being finalized. Alphio does not custody on-chain funds, so traditional custody insurance does not apply; broker-side coverage (e.g. SIPC) sits with the underlying broker, not Alphio. Confirm exact coverage terms with the product team before relying on them.