Algonet — Algorithmic Solutions

⚠ Document Status

FINAL DRAFT · AWAITING FOUNDATIONAL COUNSEL REVIEW

This document is a final draft. Algonet's full legal framework has been drafted and submitted for foundational counsel review under the Algonet BH LLC / CFTC Rule 4.7 structure. Formal confirmation is expected within six weeks. Until that review is returned, this document is not yet executed and existing client engagements remain governed by the prior version signed at onboarding. Published here in full for transparency and for the review of prospective qualified investors and their counsel.

Working draft v0.1 — 2026-04-22. No non-custodial crypto peer publishes a standalone API Key Authorization — industry practice is to embed the authorization in Terms of Service. This document synthesizes: 3Commas ToS §3.4.5 'Connecting with a cryptocurrency exchange account' (18 Dec 2025) for the API-key workflow; Shrimpy Terms of Service (Benthos Labs, 2019) for the non-custody attestation; Goldenwise Capital Management Limited Power of Attorney + Abraham Trading Company Trading Authorization (SEC EDGAR Ex-10.4, 2011) for the legal scope-of-authority framing; and B2C2 Electronic Trading Terms of Use for credential-security obligations.

Back to legalIn-site viewer

Legal · VII

The specific, narrowly scoped grant of trading authority to Algonet.

This API Key Connection Authorization (this 'Authorization') is executed by the Client in connection with, and is incorporated by reference into, the Engagement Agreement between the Client and Algonet. This Authorization defines the precise scope, limits, and revocation mechanics of the authority the Client grants Algonet to place trades on the Client's Exchange account. Nothing in this Authorization grants Algonet any custody, withdrawal, or transfer authority over Client capital.

I — Chapter

Definitions

§ 1

The Exchange — the third-party cryptocurrency derivatives exchange on which the Client maintains a personal trading account (currently Binance Futures; others may be approved in writing by Algonet).

API Credentials — the Application Programming Interface key and secret pair (and any passphrase required by the Exchange) that the Client generates on the Exchange and delivers to Algonet, with (i) trade permissions enabled on the cryptocurrency perpetual-futures contract types relevant to the Services, and (ii) withdrawal, transfer, and internal-transfer permissions explicitly disabled.

Permitted Operations — the set of operations Algonet is authorized to execute via the API Credentials: place a new order, modify an existing open order, cancel an existing open order, query account balance and positions, query historical fills, and set bracket (take-profit / stop-loss) orders on a position. Nothing else.

Prohibited Operations — every operation NOT in the Permitted Operations list, including without limitation: withdrawing funds; transferring funds between sub-accounts or to an external wallet; changing account email, two-factor, or recovery settings; delegating the API Credentials to any third party; opening a margin-loan facility; borrowing or lending against the account; or any other operation inconsistent with the Permitted Operations list.

II — Chapter

Grant of Authority

§ 2

The Client hereby authorizes Algonet, acting through the Mother System and its designated execution infrastructure, to execute Permitted Operations on the Client's Exchange account on behalf of the Client, pursuant to signals generated by the Mother System and within the sizing constraints of the Risk Group the Client has elected.

This grant of authority is (i) limited strictly to Permitted Operations; (ii) non-custodial — Algonet never holds, touches, or has any access to Client capital; (iii) revocable at any time by the Client, instantaneously, through the Exchange's own interface; and (iv) in effect only while this Authorization, the Engagement Agreement, and the underlying API Credentials remain active.

For the avoidance of doubt, this grant of authority expressly excludes any authority to perform any Prohibited Operation. Algonet has no mechanical capacity, and no contractual right, to perform any Prohibited Operation.

III — Chapter

Client Attestations

§ 3

By delivering the API Credentials to Algonet through the client-portal onboarding flow, the Client attests, represents, and warrants that:

(a) The Exchange account to which the API Credentials provide access belongs to the Client personally; the Client is the beneficial owner of all funds in the account; and the Client is not connecting the account on behalf of any third party.

(b) The Client has generated the API Credentials with (i) trade permissions enabled and (ii) withdrawal and transfer permissions explicitly DISABLED. The Client has verified the Exchange's API-permission settings UI before delivering the Credentials.

(c) The Client has configured the Exchange's IP-whitelist feature to restrict use of the API Credentials to the Algonet execution-server addresses published on the client portal, updated from time to time.

(d) The Client understands that withdrawal from the Exchange account is possible only by the Client through the Exchange's own authenticated interface, and that Algonet has no mechanism (software, contractual, or otherwise) to withdraw funds.

(e) The Client will revoke the API Credentials immediately upon termination of the Engagement Agreement, upon any suspicion that the Credentials may have been compromised, or upon any material change in the Client's authority over the Exchange account.

IV — Chapter

Algonet Obligations

§ 4

Algonet covenants that it will:

(a) Use the API Credentials solely to execute Permitted Operations in accordance with Mother-System signals and the Client's elected Risk Group, and for no other purpose;

(b) Store the API Credentials encrypted at rest using industry-standard symmetric-encryption algorithms, with the decryption key resident only on the Algonet execution server and never transmitted elsewhere;

(c) Restrict personnel access to the API Credentials to personnel with a reasonable operational need;

(d) Not attempt to execute any Prohibited Operation, and not attempt to probe, escalate, or extend the authorized permission scope of the API Credentials;

(e) Promptly notify the Client if Algonet becomes aware that the API Credentials may have been compromised, misused, or accessed by an unauthorized person;

(f) Drop or suspend the API Credentials under Algonet's internal security procedures if Algonet has reasonable grounds to believe that continued use may expose the Client, Algonet, or the Exchange to regulatory, legal, or operational risk.

V — Chapter

Revocation and Termination

§ 5

The Client may revoke this Authorization at any time and with immediate effect by either: (i) deleting or regenerating the API Credentials through the Exchange's own authenticated interface, which terminates Algonet's ability to place trades mechanically; or (ii) delivering written notice of revocation to Algonet at support@algonet-trade.com, upon receipt of which Algonet will cease use of the Credentials and delete them from Algonet's systems within one (1) business day.

Revocation does not affect any trade already executed by Algonet pursuant to this Authorization prior to the revocation. The Client remains responsible for management of any position open on the Exchange at the time of revocation; Algonet will not open or close positions after revocation.

This Authorization terminates automatically upon termination of the Engagement Agreement, upon material breach by either party that is not cured within the applicable cure period, upon the Client ceasing to meet the Qualified Eligible Person criteria, or upon regulatory action making continued performance unlawful.

VI — Chapter

Credential Security

§ 6

The Client acknowledges that the API Credentials are highly sensitive authentication material. The Client shall keep the Credentials confidential, shall not deliver the Credentials to any party other than Algonet through the designated onboarding flow, and shall not disclose the Credentials in any unencrypted communication channel (email, chat, voice, or screen share).

If the Client has reason to believe that the API Credentials have been compromised — for example, by loss or theft of the Client's personal device, by suspicious activity on the Exchange account, or by a breach notification from the Exchange — the Client shall (i) revoke the Credentials on the Exchange immediately, (ii) notify Algonet by email to support@algonet-trade.com as soon as reasonably practicable, and (iii) generate fresh Credentials for re-connection after the Client has completed the Client's own security review.

Algonet's own credential-handling obligations are set out in Chapter IV above. Neither party is liable to the other for a credential compromise caused by the counter-party's own failure to observe the security obligations of its respective chapter.

VII — Chapter

No Withdrawal, No Custody

§ 7

The fundamental structural feature of the Algonet Services, reflected in this Authorization, is that Algonet at NO TIME holds, receives, transfers, or has withdrawal access to any Client funds. The Client's capital remains at the Exchange, in an account controlled by the Client, throughout the engagement. Nothing in this Authorization, the Engagement Agreement, or the Terms of Use grants Algonet any custodial right, withdrawal right, or right to direct funds transfer.

This non-custodial structure is the Client's primary protection against Algonet operational failure, bankruptcy, regulatory action, or any other adverse event affecting Algonet — the Client can always withdraw funds from the Exchange directly, without Algonet's involvement, and retains sovereign control of capital at all times.

VIII — Chapter

Execution of this Authorization

§ 8

The Client executes this Authorization by (a) checking the acknowledgment box presented during the client-portal onboarding flow immediately before the API Credentials are entered, and (b) submitting the API Credentials through the portal's secure delivery mechanism. The timestamp of the acknowledgment and the Client's IP address are recorded in the Algonet audit log as evidence of execution.

For the avoidance of doubt: acknowledgment and credential submission through the portal is sufficient execution of this Authorization, and no physical or PDF signature is required.

Signed (portal acknowledgment): ____________ Date: ____________ Client IP: ____________

API Key Connection Authorization v0.1 · 2026-04-22 · Incorporated by reference into the Engagement Agreement. Algonet BH LLC (Florida) · אלגונט — פתרונות אלגוריתמים (Israel, עוסק מורשה 205852122).

Back to legal index
Algonet

Algonet is operated by Toi Campbell Holdings Ltd · Israeli company no. 517110987. Non-custodial algorithmic execution for qualified non-US investors. Client capital remains at the client's chosen exchange in every period.

Index

Contact

IL +972 77 990 3750

US +1 (209) 574-3922

support@algonet-trade.com
finance@algonet-trade.com

LinkedIn

Offices

IL
Bar Kochva 23, V Tower
Bnei Brak 5126002

Disclaimer

Algonet provides systematic execution software to qualified non-US investors. The service is non-custodial; client capital remains at the client's chosen exchange in every period. Past performance is not indicative of future results. Trading crypto perpetual futures involves leverage and the risk of total loss. Full risk disclosures

© 2026 ALGONET · All rights reserved

Legal