Broker Safety Education

Broker Connection Education

Understand the permission boundary before any future connect flow.

This education screen does not ask for credentials, open a provider flow, grant permissions, connect brokers, place orders, or deploy strategies.

What users should understand first

Education Only

Read access can support masked account metadata, balances, positions, orders, fills, and sync health after a reviewed provider flow exists.

Read access cannot place trades, edit accounts, or deploy strategies.

Review Required

Paper mode is for simulated deployment review after strategy evidence, risk limits, account binding, and audit logging are ready.

Paper mode never implies live approval and cannot bypass review.

Blocked Until Compliance

Live mode requires stricter permissions, provider approval, paper history, kill switches, and explicit customer confirmations.

Live mode is blocked in this local app shell.

Must Be Immediate

Users must be able to disconnect or downgrade permissions, and OmniMint must immediately block affected sync, paper, or future live capabilities.

Revocation should preserve audit history without keeping raw secrets.

Customer Visible

Broker data should be used only for customer-owned portfolio context, readiness checks, audit evidence, and user-visible account health.

Creators do not receive subscriber account IDs, balances, or holdings.

Provider-hosted consent should happen outside OmniMint credential storage.
Account labels must be masked before appearing in the UI.
Read-only comes before any paper review.
Paper review comes before any live-candidate review.
Revocation, audit logs, and kill switches must be visible before elevated permissions.