Investment Tracker

Security notes

One workspace for portfolio records, context, and decisions.

Product tour Workflow Security notes FAQ Privacy

Explore public pages

Unified WorkspaceFeatures

See how holdings, imports, reports, and journal context live in one product.

Learn more Open app

Connected WorkflowWorkflow

Move from raw records to allocation checks, journal context, and next actions without switching tools.

Learn more Open app

Trust LayerTrust

Centralized data still stays behind authenticated workspace routes.

Learn more Open app

Workflow Security FAQ Privacy

Security posture

Trust controls for a centralized investment workspace.

Investment Tracker brings portfolio data together while keeping public marketing pages, authenticated app routes, deployment controls, and broker connectivity boundaries explicit.

public portfolio records

/api

same-origin browser path

auth

workspace route boundary

Boundary map

Centralized records stay behind the workspace boundary.

public records exposed

Public

Marketing pages

Landing, features, workflow, FAQ

Gate

Authentication

Connected

Workspace records

Dashboard, imports, reports, journal

Optional external sync

Broker connections sit behind configuration; manual imports feed the same workspace without live credentials.

Production checklist

Keep launch checks explicit.

Secrets

Set a strong JWT_SECRET before production use.

Use COOKIE_SECURE=true behind HTTPS.

Origins

Configure production CORS_ORIGINS intentionally.

Database

Run migrations against the production database.

Access

Keep registration invite-only or closed for private previews.

Principles

Keep centralization boundaries obvious.

Centralized workspace, protected routes

The marketing surface is public, while the unified dashboard, import, reports, settings, trade log, journal, and watchlist routes remain authentication-protected.

Same-origin browser flow

The frontend defaults API calls to /api and proxies them through Next.js, which keeps browser requests aligned with the web app origin in local and hosted previews.

Registration controls

Private preview deployments can allowlist registration, close registration after account creation, or keep local development open while production is locked down.

Optional broker sync

SnapTrade integration can be enabled when credentials are configured, but CSV imports and manual records can feed the same centralized ledger.

Back to product

Open the connected workspace when you are ready.

Public visitors can read the site. Centralized portfolio data and working routes stay behind authentication.

Landing page Open dashboard