RulePilotAll policies
Draft for beta preparation. Before paid public launch, fill real operator details and complete focused legal review.

Updated 2026-05-07

Privacy Policy

How RulePilot collects, uses, protects, and retains user data.

Draft Status

This policy is prepared for beta readiness and must be completed with the final operator identity, privacy contact, provider regions, transfer safeguards, and retention details before paid public launch.

Data RulePilot Collects

  • Account data, including email address, password hash, session metadata, workspace membership, and role.
  • Trading account and risk data, including prop account nickname, firm template, balance, equity, PnL, positions, risk calculations, freshness status, and sampled snapshot history.
  • Broker, platform, and NinjaTrader connection data, including connection ids, provider account mappings, NinjaTrader desktop metadata, hashed desktop tokens, and encrypted broker OAuth tokens when used.
  • Billing data, including Stripe customer id, subscription id, plan, status, and payment event metadata.
  • Technical and security data, including IP address, user agent, request metadata, audit logs, rate-limit events, and error logs.

Why RulePilot Uses Data

  • Create and secure user accounts.
  • Verify email addresses.
  • Provide workspace access and subscription enforcement.
  • Connect authorized broker or platform data.
  • Calculate prop-firm rule risk and show warnings.
  • Prevent abuse, fraud, and unauthorized access.
  • Process billing, support requests, debugging, maintenance, and legal obligations.

EU And EEA Legal Bases

  • Contract, to provide RulePilot and manage subscriptions.
  • Legitimate interests, to secure the service, prevent abuse, improve reliability, and maintain audit logs.
  • Legal obligation, where records are required for tax, security, compliance, or disputes.
  • Consent, for optional marketing or non-essential cookies if enabled later.

User Rights

Depending on location, users may have rights to access, correct, delete, export, object to, restrict, or withdraw consent for certain processing. Some data may be retained where needed for security, billing, fraud prevention, dispute handling, audit integrity, or legal obligations.