Compliance, baked in

Every message hashed.
Every change visible.
Nothing rewriteable.

LinkedIn DMs, sent and received email, scheduling confirmations — captured the moment they happen, sealed in a SHA-256 chain, and exportable in the formats your broker-dealer accepts. Built to support FINRA Rule 17a-4(f) retention.

Book a walkthrough Read the FINRA archive whitepaper

SHA-256 chain WORM exports BD template approval FINRA-aligned

What gets archived

Both sides of every conversation, across every channel.

If a prospect could see it, your CCO can audit it. Outbound, inbound, and the meeting that came out of it.

LINKEDIN · DMS

LinkedIn direct messages

Connection requests, follow-ups, and replies — captured via Unipile in real time. Both sides of the conversation, with timestamps and the original profile URL.

Captured on send and receive

EMAIL · OUTBOUND

Sent email

Every email LIA drafts and you approve, plus replies you write yourself. Subject, body, headers, and attachments — preserved verbatim before they leave.

EML format preserved

EMAIL · INBOUND

Received email

Replies, bounces, and out-of-office responses ingested through your connected mailbox. Threaded back to the original outreach so an audit reads as a conversation.

Full thread, both sides

CALENDAR

Scheduling confirmations

Cal.diy booking confirmations and reschedules logged with the prospect they belong to. So your CCO can see what was offered and what was accepted.

Linked to the conversation

Broker-dealer template approval

Templates your CCO signed off on. Before they ever leave the platform.

Outreach templates and reply scaffolds move through a queue your Chief Compliance Officer controls. Drafts wait until they're approved. Approved versions are versioned — change a word, and it goes back through the queue.

LIA can only draft from templates that are currently approved. If your BD revokes a template tomorrow, today's draft pipeline updates with it.

· Per-template approval and revocation
· Versioned with the reviewer's name and timestamp
· Expiry windows for time-bound disclosures

A leather-bound archival ledger lying open with a sage silk ribbon bookmark — The ledger your firm has always kept — now kept for you.

A single antique brass key resting on cream linen — Per-tenant keys. Per-event chain. Per-message receipt.

The spine of an archival vault folder among a row of others — One drawer per advisor. One file per conversation.

Export formats

The formats your broker-dealer actually accepts.

A regulator request lands on a Tuesday afternoon. You select the date range, click export. What comes out is what your CCO and outside counsel know how to read.

.eml EMAIL

RFC 5322 EML files

Sent and received email exported as one .eml per message, preserving headers, MIME parts, and attachments. Open in Outlook, ingest into Smarsh or Global Relay, attach to a regulator request.

one file · per message

.json LINKEDIN · DM

JSON conversation bundles

Each LinkedIn thread exports as a JSON document — every turn, both sides, with sender, timestamp, message body, and the SHA-256 hash linking it to the chain.

one bundle · per thread

.pdf LINKEDIN · DM

Human-readable PDF transcript

The same thread rendered as a transcript a human can read in two minutes. Page-stamped, hash-footered, and produced alongside the JSON so you hand over both.

paired with JSON

.csv AUDIT INDEX

Master event index

A flat CSV index of every event in the date range — channel, prospect, hash, file path. The starting point your CCO opens first. Filter, hand to counsel, or import to a workpaper.

one row · per event

Exports stream to a signed download URL valid for 60 minutes, so the file your CCO opens is the file you generated. Storage in us-east-1 with replication to us-west-2.

Designed for your CCO

Forward this page. The technical details that earn a yes.

The short version is on this page. The long version — schema, retention math, key rotation policy, mapping to FINRA Rule 17a-4(f) — lives in the whitepaper.

SHA-256 message chaining

Every event hash includes the prior event hash. Tampering with a single message breaks the entire downstream chain — and we publish the daily root hash for verification.

WORM-style immutability

Object storage with object lock for the duration of the retention window. Even an admin cannot rewrite an archived event. Deletion is gated on retention expiry plus dual approval.

Encrypted at rest and in transit

AES-256-GCM at rest, TLS 1.2+ in transit. Per-tenant key envelope so customer data is isolated cryptographically, not just logically.

Access controls your CCO sets

Read-only auditor roles, time-bound access tokens, and an immutable access log of who looked at what. Single-sign-on via SAML or OIDC, with WorkOS in front.

Read the FINRA archive whitepaper →

PDF and HTML versions. Send the link, your CCO can verify the claims independently.

Compliance FAQ

The questions your CCO will ask first.

Are you FINRA approved?

No software is. FINRA approves member firms, not vendors. WealthNavigator supports FINRA Rule 17a-4(f) retention requirements — tamper-evident storage, indexed retrieval, and download formats your broker-dealer can hand to a regulator. Your CCO makes the determination that the configuration is appropriate for your firm.

What is the retention period?

Default is six years from the date of the message — the FINRA Rule 17a-4(b)(4) baseline. You can extend to seven, ten, or indefinite at the firm level. Retention is enforced by object-lock, so neither you nor we can shorten a retention window once it is set.

Can my broker-dealer pre-approve outreach templates?

Yes. Templates flow through a CCO queue inside the platform. LIA can only draft from currently approved templates. Edits are versioned and re-queued, so an approved version always reflects what the CCO actually signed off on.

What about my existing Smarsh or Global Relay contract?

We complement third-party archivers rather than replace them. Daily exports stream to your existing Smarsh, Global Relay, or Proofpoint endpoint in the format they expect. Your archiver of record stays your archiver of record — we just feed it cleaner data.

How do I export for an audit?

Pick the date range, select channels (LinkedIn DMs, sent email, received email, scheduling), choose format (EML, JSON+PDF, or CSV index), and click export. The bundle is generated server-side and delivered as a signed download URL valid for 60 minutes. Larger ranges stream as a multi-part archive.

Where is the data stored?

Primary storage in AWS us-east-1 (N. Virginia) with cross-region replication to us-west-2 (Oregon). Encrypted at rest with AES-256-GCM under per-tenant KMS keys. EU residency is on the roadmap for firms that need it; ask us for the current status.

Who has access to the archive?

You, the users you invite, and the auditor accounts your CCO provisions. We do not access tenant data without a written support request. Every read of the archive — by you, by an auditor, or by us during a support session — is itself an immutable event in the same chain.

Book a walkthrough

Show this page to your CCO. Then book a walkthrough.

We'll demo the approval queue, the export flow, and answer the questions your compliance team will raise next.

Calendar pending setup

The booking widget loads here once PUBLIC_BOOKING_PUBLIC_ID and PUBLIC_BOOKING_BASE_URL are set in .env. In the meantime, write to us directly.

Email us instead

Every message hashed. Every change visible. Nothing rewriteable.