Draft for beta preparation. Before paid public launch, fill real operator details and complete focused legal review.
Updated 2026-05-07
Security Notice
Security controls and user responsibilities.
Security Controls
- Hashed passwords and hashed database-backed session tokens.
- Secure cookies, CSRF origin validation, and email verification before broker or NinjaTrader connection.
- Auth rate limits and audit logging.
- Tenant-scoped authorization checks and Postgres row-level security.
- Restricted production database runtime role.
- Encrypted broker tokens with key-versioned encryption.
- Hashed NinjaTrader desktop tokens and signed NinjaTrader updates.
- Server-side account mapping for broker and NinjaTrader accounts.
- Stale-data warnings anywhere live risk is shown.
Read-Only Beta Boundary
The first beta is read-only. RulePilot does not place, modify, cancel, or close trades.
User Responsibilities
- Use a strong password.
- Keep your email account secure.
- Secure your desktop and browser.
- Disconnect NinjaTrader desktops you no longer use.
- Disconnect broker connections you no longer use.
- Verify stale or unusual data directly in your broker or platform.
Vulnerability Reports
A final security contact email must be published before paid public launch. RulePilot does not currently operate a paid bug bounty program unless a separate written program says otherwise.