Security and data privacy

Customer data should be protected, encrypted, and controlled by the user.

RulesFirst is built around risk-first trading behavior, but the same principle applies to data: collect only what is needed, protect it carefully, and keep broker access user-authorized and read-only.

Encryption in transit

RulesFirst is designed to use encrypted HTTPS/TLS connections for data moving between the browser, app, APIs, and integration services.

Encryption at rest

Customer data is designed to be stored with encryption at rest using managed infrastructure and database-level security controls.

User consent

Broker connections and data access require explicit user authorization. Users stay in control of whether they connect an account.

Data deletion process

Users can request account and data deletion through support. Deletion requests are reviewed, confirmed, and processed according to operational and legal requirements.

No sale of customer data

RulesFirst is a subscription product. We do not sell customer trading data as a business model.

Read-only broker connections

Broker integrations are intended to use read-only data access for analytics, risk guardrails, and behavior review. RulesFirst does not place trades for users.

Broker Review Summary

RulesFirst is designed for analytics and guardrails, not trade execution.

Broker integrations are intended to help users understand risk, behavior drift, execution history, and trading habits. RulesFirst does not need trading authority to provide these insights.

Read-only broker access for trade and account data where supported by the broker.

User-controlled authorization before any broker data is connected.

No order placement, discretionary trading, or automated trade execution by RulesFirst.

Data used to power risk guardrails, behavior review, analytics, and user-facing product features.

Customer data deletion workflow available through support.

Subscription-based business model with no sale of customer trading data.