Trust
Trust & Security
This page is maintained by the Ratio X team to answer common security and privacy questions about Ratio X EA Generator. It describes practices and platform controls in effect today; it is not a certification and has not been independently audited.
At a glance
HTTPS everywhere, Supabase-managed auth with optional MFA, row-level security on every user table, Stripe for payments, and no sale of user prompts or generated code.
Access and authentication
Accounts are protected by email + password authentication managed by Supabase Auth. Optional multi-factor authentication (TOTP) can be enabled from the in-app profile settings to add a second factor at sign-in.
Sessions use short-lived access tokens with refresh rotation. Passwords are never stored in plaintext; they are hashed by the underlying auth provider.
Platform and hosting
The web application is built with TanStack Start and served from Cloudflare's edge network. Server-side logic runs in serverless Worker runtimes; there is no shared long-lived server process holding user data.
The database, authentication, and storage are provided by Supabase (Lovable Cloud), which hosts data in managed PostgreSQL with row-level security policies enforced on every user-facing table.
Data we collect and how it is used
We collect the data you provide to operate the service: account email, project descriptions, strategy templates, chat messages with the EA generation agents, and generated MQL5 source code. Billing metadata (customer id, subscription status) is processed via Stripe.
Your project data is used to operate the EA generation workflow on your behalf. Generated code and prompts are not sold and are not used to train third-party foundation models outside of the model providers' standard inference terms.
Subprocessors and integrations
Lovable Cloud / Supabase — authentication, database, storage.
Cloudflare — application hosting and edge delivery.
Anthropic and Lovable AI Gateway — large-language-model inference for the planner, generator, and reviewer agents.
Stripe — subscription billing and payment processing.
Resend — transactional email delivery (account confirmation, password reset, billing notices).
Encryption
Traffic to the application is served over HTTPS/TLS. Data at rest in Supabase-managed PostgreSQL and object storage is encrypted by the underlying managed service. Stripe payment data is handled directly by Stripe over their PCI-compliant infrastructure; we do not store full card numbers.
Row-level security and roles
Every user-facing table in the database has row-level security enabled. Policies scope reads and writes to the authenticated user's id, so one user cannot read or modify another user's projects, chats, or generated code.
Privileged roles (admin) are stored in a dedicated user_roles table and validated server-side via a security-definer function — never via client-side flags.
Cookies and analytics
We use first-party cookies and local storage strictly necessary for authentication and session state. We may use lightweight product analytics to understand aggregate feature usage; analytics events do not include the contents of your prompts or generated code.
Data retention and deletion
Project data, chats, and generated code are retained while your account is active so you can return to past projects. You can delete individual projects from the dashboard at any time.
To delete your account and associated data, contact support@ratioxtrade.com. We will remove your account and personal data within a reasonable period, except where retention is required for billing, fraud prevention, or legal obligations.
Privacy requests
You can request access to, correction of, or deletion of your personal data by emailing support@ratioxtrade.com. Please send the request from the email address associated with your account so we can verify your identity.
Security contact and vulnerability reporting
If you believe you have found a security vulnerability in Ratio X EA Generator, please report it to support@ratioxtrade.com with steps to reproduce. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate.
Shared responsibility
Ratio X is responsible for the security of the application code, configuration, and the platform features described above. The underlying platform providers (Cloudflare, Supabase, Stripe, model providers) are responsible for the security of their infrastructure.
You are responsible for protecting your account credentials, enabling MFA where appropriate, reviewing and demo-testing every generated Expert Advisor before live use, and complying with your broker's and jurisdiction's rules.
Compliance posture
Ratio X EA Generator is not currently certified under SOC 2, ISO 27001, PCI DSS, HIPAA, or GDPR. We rely on the compliance posture of our subprocessors (notably Stripe for payments and Supabase for managed database/auth) for the portions of the service they provide. This page is not a certification or an independent attestation.
Contact
Security or privacy questions: support@ratioxtrade.com. See also our Terms of Service.