Security & Compliance

Safeguarding equity data for 30,000 venture-backed startups is one of the biggest considerations in everything we do.

Captable.io is made by LTSE. We’re operating a new stock exchange to enable modern, long-term companies to thrive, including a secure and reliable software infrastructure. We are fully GDPR compliant. We employ modern practices such as end-to-end data encryption and multi-location, redundant data backup. We maintain strict access and disclosure control over our systems and your data.

Data encryption

All access to LTSE is over a secure (SSL encrypted) connection. The same applies to all data sent between LTSE servers on our internal network.
We do not store your password. Instead, we store a salted cryptographic hash of your password so that even if our database is compromised, all passwords will be secure.

Data storage and backup

Backups are stored offsite and are encrypted using PKI cryptography. LTSE performs daily backups of the entire database.
Our servers are hosted with Amazon Web Services in multiple US regions. Here's more about AWS security and compliance.

GDPR / CCPA

We fulfil EU General Data Protection Regulation (GDPR) obligations and maintain transparency about customer messaging and how we use data.

DPA - Data Processing Agreement

Services Summary

Subprocessors

AICPA SSAE 18 / SOC reports

We are completing a Service Organization Controls 2 (SOC 2) Type 1 audit with a 3rd-party evaluator certified by The American Institute of CPAs (AICPA). This audit uses the Trust Services Principles, published by the AICPA, to evaluate the effectiveness of our controls with respect to security, availability, processing integrity, online privacy, and confidentiality.
For customers, please contact us at support@ltse.com regarding our SOC reports. More information on SOC reports can be found here.

PCI DSS Level 1 certification

All payments made to Captable.io go through our partner, Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. Details about Stripe's security setup and PCI compliance can be found here.

Additional reading
