How we protect your account.
A factual overview of how Capital Rush handles credentials, data, and execution. If you need more detail for a compliance review, contact us.
Encryption in transit and at rest.
All traffic between your browser, our infrastructure, and broker relays is encrypted in transit over TLS. Sensitive credentials — including broker and relay tokens — are encrypted at rest using authenticated AES-256-GCM; plaintext copies are not retained once a value is encrypted.
Broker credentials are scoped and revocable.
Broker connections are stored per account and used only to route your software-approved trades. You can disconnect a broker at any time from the dashboard, which removes the stored credential. Service-role database access is restricted to server-side code and never exposed to the browser.
Execution runs through authorized vendor relays.
Capital Rush is an authorized vendor on the PickMyTrade relay, approved by major prop firms including Apex Trader Funding, Topstep, MyFundedFutures, and Tradeify. Automated execution is permitted on your account under those firms' rules. An idempotent fire guard ensures each signal executes at most once.
Audit logs are retained and exportable.
Trade decisions, relays, and broker calls are logged with timestamps and retained to support your audit trail and prop-firm review. You can export your records as CSV from the dashboard at any time. We retain operational data for as long as your account is active and as required for compliance.
How we handle issues.
If a security issue is identified, we investigate, contain, and remediate, and we notify affected members where appropriate. To report a vulnerability or a suspected incident, email team@goldrushfutures.co.