The biggest risk in any trading service is the platform itself. Glimpse is built so that even a worst-case breach on our side cannot cost you a single dollar. Here's how that works in plain English.
When you connect Bybit or Toobit, Glimpse only accepts a trading-only API key. Withdrawals are blocked at the source. Even if every part of our system were compromised tomorrow, no attacker could move funds out of your account through us.
The keys you give us are encrypted the moment we receive them, with industry-standard authenticated encryption. They're only decrypted in memory, briefly, when the desk needs to place a trade — never written to a log, never returned to your browser, never copied to a backup in the clear.
Glimpse is not a custodian. Your funds sit on your own Bybit or Toobit account at all times. We never hold a balance on your behalf. If we were to vanish tomorrow, you log into your exchange and trade as you always could. No bridge to unwind. No queue to wait through.
Every read and write is gated at the database level: you can only see your own rows. That isn't a check we run in code that we could forget — it's built into the data layer. Even if a bug slipped through review, the database itself refuses to leak another customer's data.
Every connection — to your browser, to your exchange, to our payment processor — runs over modern encrypted transport. Every order request is signed and verified. Every payment notification is signature-checked before we trust it.
Service issue on our side? The desk pauses. Exchange unreachable? Orders queue and retry, with the user notified. Conditions deteriorate mid-trade? The desk tightens to flat instead of pressing. Empty days are cheaper than wrong days.
We have a no-questions-asked vulnerability disclosure policy. If you find a security issue, write to us before publishing it. We'll respond within one business day, fix promptly, and credit you publicly if you'd like.