Security & Compliance
Safeguarding equity data for 30,000 venture-backed startups is one of the biggest considerations in everything we do.
Captable.io is made by LTSE. We’re operating a new stock exchange to enable modern, long-term companies to thrive, including a secure and reliable software infrastructure. We are fully GDPR compliant. We employ modern practices such as end-to-end data encryption and multi-location, redundant data backup. We maintain strict access and disclosure control over our systems and your data.
All access to LTSE is over a secure (SSL encrypted) connection. The same applies for all data sent between LTSE servers on our internal network.
We do not store your password. Instead, we store a salted cryptographic hash of your password so that even if our database is compromised, all passwords will be secure.
Data storage and backup
Backups are stored offsite and are encrypted using PKI cryptography. LTSE performs daily backups of the entire database.
Our servers are hosted with Amazon Web Services in multiple US regions. Here's more about AWS
GDPR / CCPA
We fulfil EU General Data Protection Regulation (GDPR) obligations and maintain transparency about customer messaging and how we use data.
DPA - Data Processing Agreement
AICPA SSAE 18 / SOC reports
We are completing a Service Organization Controls 2 (SOC 2) Type 1 audit with a 3rd-party evaluator certified by The American Institute of CPAs (AICPA). This audit uses the Trust Services Principles, published by the AICPA, to evaluate the effectiveness of a our controls with respect to security, availability, processing integrity, online privacy, and confidentiality.
For customers, please contact us at firstname.lastname@example.org regarding our SOC reports. More information on SOC reports can be found
PCI DSS Level 1 certification
All payments made to Captable.io go through our partner, Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. Details about Stripe's security setup and PCI compliance can be found at