Security

Last updated: June 12, 2026. This page describes the security boundary for the public closed-trade review pilot.

1. Minimal connection surface

The public pilot does not ask for broker credentials, API keys, or account control. Reviews start from records you choose to submit: screenshot, fill photo, CSV, or written rulebook context.

2. No execution permissions

RiskDrive does not place, modify, cancel, or route orders. The sample workspace is a historical demo and has no live broker endpoint.

3. Data minimization

• Submit only closed-trade records needed for the requested review.
• Redact account numbers, balances, addresses, and identifiers that are not needed.
• Do not submit credentials or documents unrelated to the review.

4. Review packet controls

Every external review packet should keep sample size, confidence, limitations, and the historical-review-only boundary visible. Founder review is required before pilot packets are shared externally.

5. Transport and hosting

The public site is served over HTTPS. Static pages include security headers through the deployment configuration, including frame denial and content-type protection.

6. Reporting

Report security concerns to support@riskdriveai.com. Do not include broker passwords, API keys, private keys, or live account credentials in reports.

Security starts with the product boundary: historical review only, no broker login, no order execution, no live trading control.