Citrine

Security / local-first

Local control is the architecture, not a tagline.

Citrine is built around a simple principle: users import their own Coinbase API credentials after installation, and the automation runtime operates on the Android device.

01

No keys in the APK

User Coinbase API credentials are not bundled into the app package. They are imported locally by the user after installation.

02

No cloud key custody

Citrine Edge does not need to receive or store user API keys for the Android runtime to operate.

03

Device access gate

Citrine expects Android lockscreen security and uses biometric/app-lock protection for access to the terminal.

Model comparison

Citrine local-first model versus a typical cloud bot.

This is a fair comparison, not a scare tactic. Cloud bots can be legitimate products; Citrine is simply designed for users who prefer local control and no cloud key custody.

| Model | Citrine local-first | Typical cloud bot |
|---|---|---|
| Where automation runs | On the user's Android phone through the Citrine app runtime. | On a vendor-hosted server or managed bot platform. |
| Where API keys are handled | Imported locally after install and intended to remain on-device. | Usually stored, encrypted, or brokered by the cloud platform. |
| Cloud custody | No cloud key custody by Citrine Edge. | Varies by provider and security model. |
| User control | Settings, app lock, device permissions, and runtime state are controlled from the phone. | Settings are typically controlled from a web dashboard or hosted account. |
| Uptime tradeoff | Depends on the user's phone staying powered, connected, and allowed to run in the background. | Can run even when the user's phone is off, subject to provider uptime. |
| Device responsibility | Higher. The user must maintain device security, notifications, battery settings, and connectivity. | Lower device burden, but more trust is placed in the provider. |
| Best fit | Users who prefer local control and no cloud key custody. | Users who prioritize hosted uptime and are comfortable with the provider's key-handling model. |

User responsibilities

Local-first gives you control and gives you work to do.

Keep your phone secure, keep notifications visible, keep the app allowed to run in the background, and revoke API keys directly at Coinbase if your device is lost or compromised.

Use minimum permissions

Create keys with only the permissions needed for your intended workflow. Avoid withdrawal or transfer permissions.

Revoke quickly

If anything looks wrong, stop automation, check your Coinbase account directly, and revoke the key from official Coinbase settings.

Protect the phone

Use Android lockscreen security, biometrics, operating system updates, and careful device handling.

Monitor runtime

Local automation depends on battery state, connectivity, notification permission, and Android background behavior.
