How Notiken Works
A technical overview of Copy Bot, our risk management approach, and infrastructure. Designed for prospective users who want to understand what they're trading with.
The Platform
Notiken runs an automated copy-trading bot on Polymarket, a decentralized prediction markets exchange built on Polygon. The bot mirrors the trades of selected top Polymarket traders proportionally to your bankroll.
Runs 24/7 in an isolated container on our infrastructure. You retain full control of your Polymarket account, funds, and can pause or cancel anytime. Copy Bot is the only strategy in active service today — three earlier strategies (sure-thing arbitrage, weather, crypto microstructure) were retired after live data showed their edge didn't hold. We'd rather offer one strategy that works than a menu of unproven ones.
Copy Bot
The Idea
Polymarket has a handful of consistently profitable traders. Copy Bot mirrors their trades proportionally to your bankroll. If a target trader buys YES on an NFL market with 2% of their portfolio, Copy Bot buys the same YES token with 2% of your portfolio.
How It Picks Trades
Not every trade from the target is copied. Before mirroring a signal, the bot applies multiple filters:
- Auto-research — when you select a target, the bot analyzes their recent history: win rate, trade frequency, typical trade size, preferred price ranges, buy/sell balance. This determines copy mode and risk settings.
- Copy mode detection — market makers (high-frequency, balanced buy/sell, mid-price) are handled differently than directional traders. For market makers, the bot aggregates their trades per market over a settling window and only copies the net directional position.
- Conviction filter — small/experimental trades by the target are skipped; only high-conviction bets proportional to the target's portfolio are mirrored.
- Slippage guard — if the market price has moved significantly between when the target entered and when we can copy, the trade is skipped to avoid stale entries.
- Price level filter — trades at extreme prices (above 85¢ or below 10¢) are skipped because the upside is limited or the probability is unreliable.
- Position cap — concurrent positions are capped based on your bankroll.
How It Sizes Trades
Proportional sizing scales the target's trade to your bankroll. A scale multiplier adjusts for the size mismatch — if your bankroll is $200 and the target's is $200M, the raw proportional bet would be below Polymarket's minimum, so we scale up. Every trade is capped at a percentage of your bankroll (typically 5–8%).
How It Exits
When the target sells, we sell. When the market resolves, we collect winnings. The bot also copies exits proportionally and tracks resolved trades for P&L calculation.
Risk Management
Every bot enforces limits at multiple layers:
Per-trade
- Max position size as a % of bankroll (auto-configured based on target/strategy confidence)
- Minimum book depth — won't buy into thin markets
- Slippage cap — won't chase a moving market
Per-session
- Daily loss stop — halts trading for the day when exceeded
- Max concurrent positions — capped based on bankroll
- Max total exposure — sum of open positions capped in dollars
Infrastructure
- Cumulative P&L persists across container restarts — the loss stop can't be reset by redeploying
- Auto-restart with health checks — unhealthy containers are replaced automatically
- External monitoring — every bot's health endpoint is pinged continuously
Infrastructure
- Execution: Polymarket's CLOB (central limit order book) via the official SDK
- Signing: Gnosis Safe wallet proxies (the same setup Polymarket's web UI uses)
- Hosting: Dedicated VPS with 24/7 uptime, auto-recovering containers
- Transparency: All trades go through Polymarket — you can verify every position on-chain.
Security
How Your Private Key Is Handled
Your Polymarket private key enables signing trades on your behalf. We take its security seriously:
- Self-service setup. After approval you get a one-time link to a secure form. You enter your own password and private key — we never see them typed in Discord, email, or anywhere else.
- Encrypted in transit. All data travels over HTTPS (TLS). The setup page itself is served over TLS end-to-end.
- Docker secret storage. Your key is written to a mode-600 file on the host (readable only by root) and mounted as a Docker secret into your isolated container — read-only inside, not visible in `docker inspect`, environment variables, process listings, logs, or backups.
- Isolated containers. Each user gets their own Docker container on an isolated private network. Other users' bots cannot access your key or data.
- Never logged. Our setup API explicitly strips request bodies from all logs. The key exists in Python memory for the ~2 seconds it takes to provision, then is zeroed out.
- One-time links. Setup tokens work exactly once and are deleted on use. Replay attacks are impossible.
What We Cannot Do
The security model deliberately limits what we can do with your key:
- We cannot withdraw your funds — only Polymarket's smart contract can.
- We cannot transfer your USDC or positions elsewhere.
- The key file is mode-600 root-only on the host. Reading it requires direct VPS access (operator-only, not exposed to any HTTP path).
- We cannot access your key if you rotate it — create a new Polymarket account, send us a new key, and old keys are useless.
Your Verification Steps
- Bot ships paused — review every target, every setting, every cap before activating. The status toggle in the dashboard header is your kill switch.
- Every trade is on-chain — verify actions at polygonscan.com against your Polymarket wallet.
- Fund with the minimum you're comfortable with first ($50–100), scale up after confirming the behavior.
- Pause anytime from the dashboard. Open positions resolve as normal; only new entries are blocked.
- Rotate keys anytime: create a new Polymarket account, then re-run the setup flow — the key goes directly to the server over HTTPS, never through us. Old keys become useless once the new one is in.
- Self-cancel anytime via the Manage Subscription button on your dashboard (Stripe Customer Portal handles billing changes; the bot stops automatically on cancel).
Trust-through-transparency. We believe in minimizing what you have to trust us with. The goal is that even if our servers were compromised, the attacker could not drain your funds — only Polymarket, holding the on-chain contract, can move USDC.
What We Don't Do
Being honest about limits:
We don't guarantee profits. Copy Bot has had losing days. Market edges can disappear.
We don't custody your funds. Your USDC stays in your Polymarket wallet. We sign transactions on your behalf but cannot withdraw your funds.
We don't share alpha. The specific thresholds, model weights, and strategy parameters are proprietary. You get a configured bot, not the source code.
We don't promise 24/7 trade frequency. Sometimes the market is efficient and the bot goes hours without a trade. That's the bot being disciplined, not broken.