RipeDash

Security Statement

Last updated: May 18, 2026

1. Scope

This Security Statement explains the security practices RipeDash applies to user accounts, workspaces, connected trading accounts, imported trading data, journal content, analytics, and coaching workflows.

RipeDash is a trading analytics, journal, review, and coaching product. It is designed to import and analyse trading data for review. It is not designed to execute trades, move funds, act as a broker, or provide an execution venue.

2. Account access

Access to the RipeDash application requires authentication. Application pages are protected so unauthenticated visitors are sent to the sign-in flow before account, workspace, trading, journal, analytics, or settings data is loaded.

Account creation is invite-gated. RipeDash checks whether an email address has been invited before creating an account, and validates workspace membership before loading the authenticated workspace.

3. Workspace authorization

RipeDash separates users into workspaces and workspace roles. Product data is returned or changed only after the user has authenticated and the relevant workspace relationship has been validated.

Team, teacher, and cohort workflows use role-based access. Administrators and coaches may access student or member review data only through an authorized workspace relationship, and access outside that relationship is rejected.

4. Connected MT5 accounts

MT5 connection settings are associated with the authenticated user and trading account. RipeDash asks for the account login, broker server, and investor password needed to sync account history for review.

Stored MT5 investor passwords are protected at rest and handled through server-side systems. The stored investor password is not displayed back through normal account settings views.

RipeDash stores account metadata needed for review, including details such as account login, broker server, sync status, detected currency, balance, equity, leverage, and related account information.

5. Data sync and import

Trading data sync is designed to associate incoming account data with the correct user and connected account. Requests that cannot be matched to an enabled connection are rejected.

RipeDash applies request validation, authorization checks, and rate limits to data sync workflows. Sync payloads are normalized before they are stored so account history, cashflows, positions, symbol information, and account state are tied to the relevant user and trading account.

Imported trading data is used to provide dashboards, journals, analytics, enrichment, coaching, and account review workflows. RipeDash does not use this data to execute trades or move funds.

6. Data separation and deletion

Product data is separated by user, workspace, and trading account where applicable. Dashboards, trades, positions, journal entries, analytics, and account state are limited to the authorized user or an approved workspace workflow.

When a user deletes a connected MT5 account, RipeDash removes the saved connection and schedules cleanup for account-specific imported and derived data associated with that connection.

7. User responsibilities

Users are responsible for protecting their email account, devices, browser sessions, and any MT5 credentials or investor passwords they provide. Users should only connect accounts they are authorized to use and should only join workspaces operated by people or organizations they trust.

Users must not attempt unauthorized access, bypass workspace boundaries, misuse sync systems, probe private infrastructure without permission, or use RipeDash in a way that violates third-party broker, platform, or account provider terms.

8. Security reports

Security reports, suspected vulnerabilities, and account security questions can be sent to security@ripedash.com. Please include enough detail for us to understand and reproduce the issue, and do not access or disclose data that does not belong to you.

9. Changes

We may update this Security Statement as RipeDash changes. If updates are material, we will take reasonable steps to notify users through the product, website, or account email.