Portfolio Holdings
All positions across your accounts with live prices and analyst data
AI Analysis
Position analysis and action plan — refreshes automatically with prices
Portfolio Insights
Live metrics calculated from your current holdings
Watchlist
Track tickers and monitor recent news
Settings
Your portfolio data.
Your control.
Toro Wealth is built on a simple principle: your data powers your analysis, not ours. We import only what's needed, store only what's necessary, and you stay in full control at all times.
How account connections work
When you connect a brokerage, Toro Wealth uses Plaid — a regulated financial data company trusted by thousands of fintech apps — to establish a secure, read-only connection. Your login credentials go directly to Plaid and your institution. Toro Wealth never sees your username or password.
Used to power your analysis
- ✓Holdings synced automatically — no manual entry
- ✓Cost basis imported for accurate gain/loss calculation
- ✓Account types detected (IRA, brokerage, 401k)
- ✓Purchase dates imported for tax lot tracking
We have no ability to
- ✗Place trades or execute orders
- ✗Move, transfer, or withdraw funds
- ✗See your brokerage login credentials
- ✗Make any changes to your account
How your data is protected
All connections are read-only
Toro Wealth uses Plaid's Investments product, which provides read-only access to your portfolio positions. We cannot initiate trades, transfer funds, or make any changes to your brokerage account.
Your credentials never touch our servers
When you connect a brokerage, your login credentials go directly to Plaid — we never see them. Plaid issues a limited access token stored exclusively in Cloudflare's encrypted server-side storage. It is never sent to your browser or included in the app's code.
Encrypted in transit
All communication between your browser, our servers, and Plaid uses HTTPS with TLS encryption. Your data is never transmitted in plain text.
Securing your Toro Wealth account
Your Toro Wealth account uses Supabase Auth, which provides enterprise-grade authentication infrastructure.
- ✓Passwords are hashed — we never store plain-text passwords
- ✓Two-factor authentication (TOTP) available and recommended — enable in Settings
- ✓Secure session management with automatic expiration
- ✓Email verification required on signup
- ✓Row-level security enforced at the database level — users can only access their own data
- ✓All API calls require a valid authentication token
You are always in control
Disconnect anytime
Go to Settings → Brokerage Connection → Disconnect. This immediately revokes Toro Wealth's access. Plaid is also notified to invalidate the connection on their end.
Delete your account
Request full account deletion at any time by emailing javier@torowealth.ai. All holdings, chat history, and profile information will be deleted within 7 business days.
Two-factor authentication
Enable MFA in Settings → Two-Factor Authentication. Compatible with Google Authenticator, Authy, and similar TOTP apps.
View connected accounts
In Settings → Brokerage Connection, you can see all connected institutions and disconnect individual accounts at any time.
How AI uses your portfolio data
When you request AI analysis, your portfolio holdings, thesis notes, and profile are sent to Anthropic's Claude to generate your personalized insight. This data is used only to produce your analysis — Anthropic does not store it or use it to train AI models.
Your investment theses and portfolio data live in your account only. We do not sell your data, share it with advertisers, or use it for any purpose beyond generating your analysis.
Report a security issue
If you discover a security vulnerability in Toro Wealth, please report it responsibly to javier@torowealth.ai. We take all reports seriously and will respond within 48 hours.
Please do not publicly disclose security issues before giving us a reasonable opportunity to address them.