Here's exactly what we do with your Dhan account — and what we will never do. No fine print. No ambiguity.
This is the most important thing to understand about TradingRuleBook — and we want to be direct about it from the start.
SEBI (Securities and Exchange Board of India) mandates that any system placing algo trading orders must originate from a fixed, SEBI-registered IP address. TradingRuleBook does not have such a registered IP. Your broker, Dhan, enforces this at their end — they will reject any order placement request that doesn't come from a registered IP.
This means even if someone at TradingRuleBook wanted to place a trade in your account, the system would technically reject it. This isn't a policy promise. It's a hard technical and regulatory constraint.
We use only Dhan's Account Management APIs — the same APIs used to read positions, orders, and portfolio data. These APIs have zero order-placement capability. There is no path from our system to your trade execution.
We connect to your Dhan account to do exactly three things — nothing more, nothing else.
We do not place orders. We do not transfer funds. We do not modify any account setting. We do not share your trading data with any third party.
If you ever receive a message claiming to be TradingRuleBook that asks for your full login credentials, OTP, or PIN — that is not us. We only ever ask for your Dhan access token on our secure dashboard, never via email, WhatsApp, or any external link.
Your trust should be informed, not blind. Here is a clear breakdown of what is technically possible through the API access you grant us, and what is not.
| Action | Possible via Account API? | Do we use it? |
|---|---|---|
| Read your open positions | ✅ Yes | Yes — for rule checks |
| Read your order history | ✅ Yes | Yes — for analytics |
| Read your portfolio snapshot | ✅ Yes | Yes — for exposure metrics |
| Place a buy or sell order | ❌ No — requires Order API + SEBI-registered IP | Never |
| Transfer funds | ❌ Not possible via any broker API | Never |
| Modify account settings | ❌ Not accessible via API | Never |
| Withdraw money | ❌ Impossible via any API | Never |
When you connect your Dhan account, you provide an access token. Here is exactly what happens to it — step by step.
The moment your token reaches our server, it is encrypted using AWS Key Management Service (KMS) — the same encryption standard used by banks and defence systems. It is never stored as plain text, even for a millisecond.
If you connect with a short-term session token, it expires automatically in 24 hours. After expiry, it is deleted from our database. You reconnect fresh the next trading day.
If you choose to stay connected across sessions, we rotate your encrypted token every 12 hours automatically — you don't need to do anything. Rotation means the old token is invalidated and replaced, shrinking the window of any theoretical exposure.
Your token is stored in a separate, access-controlled database. It is not accessible to any frontend layer. Only the server process that performs your rule checks can decrypt and use it — and only during market hours.
The decryption process is fully automated. There is no admin panel, no support tool, and no manual process through which any person at TradingRuleBook can view your raw token. The encryption key and the token are stored separately.
Your token is only ever used during market hours: 9:05 AM to 4:00 PM IST, Monday to Friday.
Outside market hours, no automated process reads, uses, or touches your token. The rule-check system that performs monitoring is inactive after 4:00 PM and restarted the next trading morning. This is by design — not just a policy statement.
Saturday, Sunday, and market holidays — your token sits encrypted and untouched. The system doesn't wake up at all.
Disconnect anytime — in one click. Your dashboard has a "Disconnect Dhan Account" button. When you click it:
You can also revoke access directly from your Dhan app under Settings → Connected Apps, independent of anything on our end. Either action is sufficient — you don't need to do both.
We will never reconnect your account without your explicit action. We will never retain your token after you disconnect. We will never share your token or trading data with any third party.
Your token never leaves India.
All data you share with TradingRuleBook — including your Dhan access token — is stored on servers located in Mumbai, India. We do not route your data through foreign servers.
Your token is stored encrypted, not as readable text. We use AWS Key Management Service (KMS) to encrypt your token before it is saved. This means even if someone were to access our database directly, they would see an unreadable encrypted string — not your actual token. The encryption key and the token are stored separately, and access to the key is tightly controlled.
No one on our team can read your token. The decryption process is automated and runs only during market hours to perform your rule checks. There is no admin panel, no support tool, and no manual process through which any person at TradingRuleBook can view your raw token.
Your payment information is handled entirely by Cashfree Payments, our payment processor. We do not store your card details or UPI credentials. Your broker account and your payment account share no data with each other on our platform.
TradingRuleBook was built by a trader, for traders. The founder trades F&O actively and uses this platform personally — every rule, every alert, every security decision was made with that perspective.
We know the fear. There are too many platforms in this space that overpromise, underdeliver, and quietly mishandle your data. Some take your broker credentials under the guise of "automation" and give you no visibility into what's actually happening.
We chose to build the opposite — a platform where the security model is explained in plain language, where you can see exactly what we access and what we don't, and where disconnecting takes one click with immediate, verifiable effect.
If anything on this page is unclear, or if you have a specific technical question about how your data is handled — write to us directly. We will answer honestly, not with a template.
For the skeptical trader — and you should be skeptical — here is everything on one screen.
If something on this page raised a concern, or you want to verify anything about how your data is handled — reach out directly. We respond personally, not through a support bot.
Ready to trade with discipline, knowing exactly what happens — and what doesn't?
Start Free Trial →