Your Keys, Your Control
Your API keys are encrypted on your device and never leave your computer. We can't see them, and neither can anyone else.
Local-First Encryption
Encrypted on your device before anything syncs
Zero-Knowledge Design
We can't see your credentials - ever
Built with Rust
Memory-safe code protects sensitive data
How It Works
Local Encryption
Your OANDA API key is encrypted on your device using AES-256-GCM before any data leaves your computer. The encryption key is derived from your master password using Argon2id.
Zero-Knowledge Sync
Only encrypted blobs sync to the cloud. We never see your master password or decrypted credentials. Even if our servers were compromised, your keys would remain secure.
Memory Safety
CandleSight is built with Rust, a memory-safe language. Sensitive data is automatically zeroized from memory after use, preventing credential leaks through memory dumps.
Technical Specifications
| Component | Implementation |
|---|---|
| Encryption | AES-256-GCM with HMAC-SHA256 tamper detection |
| Key Derivation | Argon2id with 128MB memory cost |
| Memory Safety | Keys zeroized from memory after use (Rust secrecy crate) |
| Rate Limiting | 5 failed attempts = 5 minute lockout |
| No Server Storage | Master password never transmitted. Only encrypted blobs sync. |
What Syncs to the Cloud?
Syncs (Encrypted or Non-Sensitive)
- Encrypted API key blob (unreadable without password)
- Account IDs (not sensitive)
- Trade history and notes
- Strategies and backtest results
- App settings and preferences
Never Transmitted
- Master password
- Decrypted API key
- Encryption keys
Frequently Asked Questions
What if I forget my master password?
There is no recovery option. You'll need to re-enter your OANDA credentials. This is by design - it means even we can't access your keys.
Is CandleSight open source?
The core application is not currently open source, but our security architecture is documented and we welcome security researchers to review our approach.
Has CandleSight been audited?
We have completed an internal security assessment. Third-party audits are planned for future versions.
Where is my data stored?
Your encrypted credentials are stored locally on your device. Trade history and strategies sync to our secure cloud infrastructure hosted on Railway.
Can CandleSight access my OANDA account?
CandleSight requires full API access to sync your trades and execute orders through the trading ticket. Your credentials are encrypted locally and never transmitted to our servers.