Beyond What Regulators Require
SEC Rule 613 (Consolidated Audit Trail) requires every broker-dealer to track every order, cancellation, modification, and execution across all US equity and options markets, with NTP-synchronized timestamps at 50-millisecond precision and hashed customer identifiers. This data is reported to a central repository — for regulators. You, the trader, never see it.
PortfolioShield is not a broker-dealer. We are not subject to CAT requirements. We build to these standards voluntarily — and then go beyond them.
| Capability | SEC CAT Requires of Brokers | PortfolioShield |
|---|---|---|
| Order lifecycle tracking | ✓ Required | ✓ Full lifecycle with latency and slippage |
| NTP-synced timestamps | ✓ 50ms tolerance | ✓ DB-primary timestamps, cross-system alignment |
| Hashed customer identifiers | ✓ Transformed IDs | ✓ Forensic ID pattern (GDPR-safe) |
| Immutable audit trail | ✓ For regulators | ✓ SHA-256 hash chain, user-verifiable |
| Visible to the trader | ✗ Never | ✓ Full provenance on demand |
| Calculation traceability | ✗ Not in scope | ✓ Every Greek, score, and recommendation |
| Decision trail | ✗ Not in scope | ✓ Recommendations + user response tracking |
| Data freshness classification | ✗ Not in scope | ✓ LIVE / ACCEPTABLE / STALE / DEGRADED |
| Broker reconciliation narratives | ✗ Not in scope | ✓ Human-readable discrepancy reports |
| Two-party non-repudiation | ✗ Not in scope | ✓ Action digest + broker confirmation linked |
We build to the standard regulators require of broker-dealers — and then add six capabilities they don't require at all. Because your money deserves the same accountability that regulators demand of the institutions holding it.
Click Any Number. See Where It Came From.
Every calculated value displayed in the PortfolioShield interface has a trace icon. Click it, and a panel shows you:
- Source: Where the underlying data came from — broker sync, market data provider, or internal calculation
- Timestamp: When the data was last updated, classified as LIVE (< 30s), ACCEPTABLE (30s–5min), STALE (5–30min), or DEGRADED (> 30min)
- Method: What model or algorithm produced the result, including whether it was a heuristic approximation or a full Monte Carlo simulation
- Inputs: What specific data points fed the calculation, each traceable to their own source
No other retail trading platform offers this. Your broker shows you a delta of -15 and expects you to trust it. We show you the delta, the model that calculated it, the market data that fed it, and when that data was last refreshed.
We do not show you numbers you cannot verify. If a value appears on your screen, its complete provenance is available on demand.
Tamper-Proof by Math, Not Policy
Every event in PortfolioShield is sealed in a SHA-256 hash chain. Each record includes the hash of the previous record, creating a cryptographic sequence where any alteration — by anyone, including us — would break the chain and be immediately detectable.
This is the same cryptographic principle used in blockchain systems and regulated financial audit trails. The difference: we don't ask you to understand cryptography. A persistent badge on every screen confirms chain integrity in plain language. On-demand verification is available in the Data Integrity screen.
The audit log is append-only. No UPDATE or DELETE operations are permitted on the audit table. Once recorded, an event cannot be modified or removed.
We cannot alter your historical data without detection. The hash chain makes this a mathematical guarantee, not a policy promise.
Broker Reconciliation: No Silent Overwrites
When PortfolioShield syncs with your broker and finds a discrepancy — a position count that doesn't match, a fill price that differs, a margin requirement that changed — we don't silently overwrite our data. We log a reconciliation narrative:
- What we expected vs. what the broker reported
- The probable cause (expiration, fill adjustment, corporate action)
- How it was resolved (broker is always source of truth for positions)
- Full timestamps and session references
You can review every discrepancy, every sync, and every resolution in the Data Integrity screen. Your broker handles this internally and never shows you. We show you everything.
Authentication & Non-Repudiation
PortfolioShield connects to your brokerage account and can transmit orders on your behalf. This requires a security standard higher than typical analytics platforms.
Our authentication model separates viewing from acting:
- Read-only session: After login with MFA, you can view all data. No orders can be transmitted.
- Trading mode: A step-up authentication ("Tactical Unlock") is required before any order transmission, broker connection change, or full data export.
- Risk-based re-authentication: Orders exceeding configurable thresholds — percentage of account value, proximity to margin limits, new device detection — require re-authentication even within trading mode.
Every order transmitted carries a SHA-256 action digest — a cryptographic fingerprint of the exact order parameters, your session, a unique nonce, and a database-generated timestamp. Combined with the broker's confirmation response, this creates a two-party non-repudiation record: proof of exactly what was sent, when, by whom, and how the broker responded.
Every order transmitted through PortfolioShield has a cryptographic receipt linking your authenticated session to the broker's confirmation. This record cannot be forged or altered.
Safety Is Not a Premium Feature
The Data Integrity screen, the timeline, trace icons, reconciliation narratives, and the integrity badge are available on all subscription tiers — including Shield, our entry-level plan at $79/month.
Advanced drill-down depth (detailed input references, raw provenance chains) is available on Pro and Elite tiers. But the core trust infrastructure — the ability to verify that your data is intact, your actions are logged, and your numbers have sources — is never gated.
Trust infrastructure is not a monetization lever. Every PortfolioShield user, regardless of tier, has access to data traceability, integrity verification, and security controls.
What We Track
The Data Integrity Engine logs 17 event categories across every layer of the system:
- Data events: Broker syncs, market data arrivals, reconciliation discrepancies, data source attribution, freshness classification
- Decision events: System recommendations issued, user responses (executed, ignored, dismissed), warning acknowledgments
- Order events: Full lifecycle from submission through acknowledgment to fill, cancel, or rejection — including latency and slippage measurement
- Calculation events: Derived values computed, with model version, input references, and classification as heuristic or simulated
- Security events: Logins, new device/IP detection, session activity, failed authentication attempts, configuration changes
- System events: Worker health, API failures, rate limits, outages with duration and cause
Every event records: timestamp (database-generated, NTP-synced), actor type and identity, category, full context, and hash chain position.
Your Data, Your Control
- Export your complete audit trail in CSV or JSON, filterable by date range, event type, symbol, or position
- Request full data export under GDPR/CCPA within a 30-day processing window
- Request data erasure — personal information is purged, anonymized audit chain preserved for integrity via cryptographic shredding
- View all active sessions and revoke any from the Settings screen
- Emergency "Disconnect All Brokers" — instantly revokes all OAuth tokens with a single action
Your trading data belongs to you. We provide the tools to export it, verify it, and delete it — without compromising the integrity chain that protects everyone.
Other platforms ask you to trust their numbers.
We built the infrastructure to verify ours.