Safety Overview
TRUE's complete safety model: self-custody, signing, MEV protection, phishing, AI boundaries, recovery.
Read this top to bottom before you do anything substantial on TRUE. The safety model is what makes the rest of the platform survivable. Every defence below has been triggered in production at least once.
Self-custody
TRUE is non-custodial by design. Your wallet, your keys, your funds. There is no TRUE-controlled account that holds user balances, no internal ledger that mirrors them, and no admin override that can move them. The corollary is the cost of self-custody: lose your seed phrase, lose access. There is no recovery path TRUE can offer for a lost seed.
Transaction signing
Every action that touches funds — swaps, perps, agentic execution, claim flows — requires an explicit signature from your wallet. The TRUE app never holds a session signing key, and it cannot execute on your behalf without you approving the specific transaction in your wallet.
Before you sign, the route plan shows every venue, the price impact at each hop, and the final slippage envelope. If the plan and the wallet prompt do not match, abort the signature and report to [email protected].
Slippage and MEV protection
Swaps default to a tight slippage envelope, set per asset and per route. If the live route exceeds that envelope between quote and execution, the swap is cancelled rather than filled at a worse price. MEV protection runs through priority fees and anti-sandwich heuristics on the routing layer; high-impact routes are surfaced before signing, never silently chosen.
Phishing and social engineering
- TRUE never DMs first, on any platform. If you receive a DM claiming to be from TRUE, it is not from TRUE.
- TRUE never asks for your seed phrase, ever, for any reason. There is no scenario in which support needs it.
- Always check the URL. The official app is app.truefinance.ai. Bookmark it. Lookalike domains are the most common attack vector.
- Verify before you click. Pinned tweets, official Discord roles, and the Help Center are the source of truth — not random links forwarded by friends.
AI hallucination boundaries
Signals and agent outputs are decision support, not directives. Conviction scores are model self-reports — not calibrated probabilities. Reasoning chains can be wrong even when they look confident. TRUE never auto-executes on the basis of a signal unless you have explicitly opted in to Agentic Trading with hard caps you control.
If the chat returns a confidently-stated answer that you can independently disprove, use the Report an issue button on the response. That feeds the agent quality pipeline and shortens the loop on hallucination repairs.
Two-factor and TOTP
Account-level features that don’t move funds (notification preferences, watchlists, points history) live behind your wallet signature. For partner accounts, dashboard accounts, and any setting that controls keys, TOTP is required. Recovery codes are issued at enrolment — store them where you would store a passport, not in chat history.
Wallet hygiene
The recommended split for serious users:
- View-only wallet — used for casual browsing, watchlists, signal review. No funds.
- Trading wallet — funded with the amount you are actively comfortable risking this week. Topped up rather than left at rest.
- Cold wallet — long-term holdings, on a hardware device, never connected to a web app.
Hot wallets get compromised by routine mistakes — a phishing approval, a supply-chain attack on a browser extension, a clipboard hijacker. Splitting funds means a routine mistake stays small.
Reporting suspected abuse
Report security issues to [email protected]. We acknowledge inside one business day. Critical reports — active exploitation, fund-loss attacks in progress — get an out-of-band response. PGP fingerprint and the responsible-disclosure terms are on the Compliance page.
Partners distributing TRUE inherit a duty of care toward their users. Compliance obligations include surfacing the "not financial advice" notice on every signal-bearing surface, geo-blocking restricted jurisdictions, and providing a working route to TRUE security for fund-loss reports. Full disclosures and contractual minimums are on the Partner Integration page.
For API integrations:
- Never commit keys to repos. Use environment variables; rotate on a known cadence.
- Never put bearer tokens in client-side bundles. Proxy through your backend.
- Never log raw request bodies for endpoints that include private context (watchlists, points history). Redact at the logger.
- Treat webhook payloads as untrusted until the HMAC signature has been verified — see Webhooks.
- Rotate keys quarterly. Use scoped keys (tp_live_…) with the smallest viable scope per integration.
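A worked example of the webhook and logging rules above, written for this page rather than taken from TRUE's own SDK or docs: read the shared secret from the environment instead of source, verify an HMAC-SHA256 signature over the raw body before parsing it, bind a timestamp into the MAC so an old delivery cannot be replayed outside a short window, compare in constant time, and redact private fields before anything reaches the logger. The header names, the signed-message layout, the environment variable TRUE_WEBHOOK_SECRET, the replay window and the sample payload are all assumptions made for this example; TRUE's actual signing scheme is documented on the Webhooks page.

```python
import hashlib
import hmac
import json
import logging
import os
import time

# ASSUMPTIONS for this example: header names, the signed-message layout
# '<timestamp>.<raw body>', the replay window and the private field names.
# Check the Webhooks page for TRUE's real scheme before using any of these.
SIG_HEADER = "X-True-Signature"
TS_HEADER = "X-True-Timestamp"
REPLAY_WINDOW_SECONDS = 300
PRIVATE_FIELDS = {"watchlist", "points_history"}


def load_webhook_secret():
    """Read the shared secret from the environment, never from a committed file."""
    secret = os.environ.get("TRUE_WEBHOOK_SECRET")  # hypothetical variable name
    if not secret:
        raise RuntimeError("TRUE_WEBHOOK_SECRET is not set")
    return secret.encode()


def compute_signature(secret, timestamp, body):
    """HMAC-SHA256 over '<timestamp>.<raw body>' so the timestamp is covered by the MAC."""
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret, headers, body, now=None):
    """Return (ok, reason). Treat the body as untrusted until this returns (True, 'ok')."""
    sig = headers.get(SIG_HEADER)
    ts = headers.get(TS_HEADER)
    if not sig or not ts:
        return False, "missing signature or timestamp header"
    try:
        ts_value = int(ts)
    except ValueError:
        return False, "malformed timestamp"
    now = time.time() if now is None else now
    if abs(now - ts_value) > REPLAY_WINDOW_SECONDS:
        return False, "timestamp outside replay window"
    expected = compute_signature(secret, ts, body)
    # Constant-time comparison; a plain == leaks timing on the MAC.
    if not hmac.compare_digest(expected, sig):
        return False, "signature mismatch"
    return True, "ok"


def redact_for_log(payload):
    """Replace private fields with a marker before the payload is logged."""
    return {k: ("[REDACTED]" if k in PRIVATE_FIELDS else v) for k, v in payload.items()}


def handle_webhook(secret, headers, body, now=None, log=logging.getLogger("webhooks")):
    """Verify first, parse second, log only a redacted view. Returns the payload or None."""
    ok, reason = verify_webhook(secret, headers, body, now)
    if not ok:
        log.warning("rejected webhook: %s", reason)  # the raw body is never logged
        return None
    payload = json.loads(body)
    log.info("accepted webhook: %s", redact_for_log(payload))
    return payload


if __name__ == "__main__":
    # Constructed sample delivery; a real secret would come from load_webhook_secret().
    secret = b"constructed-test-secret"
    ts = "1700000000"
    body = b'{"event": "signal", "asset": "SOL", "watchlist": ["SOL", "ETH"]}'
    headers = {TS_HEADER: ts, SIG_HEADER: compute_signature(secret, ts, body)}
    logging.basicConfig(level=logging.INFO)
    print(handle_webhook(secret, headers, body, now=1700000010))
    print(handle_webhook(secret, headers, body + b" ", now=1700000010))  # tampered: None
```

The order matters: the signature is checked over the raw bytes exactly as received, before json.loads, so a parser quirk cannot be used to change what was signed; the timestamp lives inside the signed message, so it cannot be edited independently of the MAC; and the redaction happens at the call site that logs, which is the only place a raw body could otherwise leak.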
See also
- Authentication — keys, scopes, JWT vs API key.
- Agentic Trading — opt-in autonomous execution and how it stays bounded.
- Compliance & Jurisdictions — geo-restrictions, KYC, responsible-disclosure terms.