We build Stake with your security as our top priority.

You trust us with your data. We work hard to protect it.

User Data Security
Mininmal Information Stored and Encrypted We only need a confirmed email address to maintain active Stake accounts. Elsewise, Shareowner users will verify their holdings to do activities on the site, and they may be a creator or supporter of an Ask. This information is stored in our encrypted database.
No Brokerage Credentials Stake does not get users' brokerage authentication credentials when they connect to their brokerage with Stake. Your investment account authentication credentials are passed to your investment account through our secure third-party service, Quovo, which maintains bank-level security. Credentials are used only to view the user’s holdings information while they are logged in and active on Stake. Brokerage access expires when the user logs out or after sixty minutes.
Only Company Holdings Information When Shareowner users connect Stake with their online brokerage firm, we get view-only access just to verify how many shares the user owns in which companies. Strict privacy controls are enforced to ensure that users cannot access any private data of other users on our site. We also store an encrypted, unique account identifier to ensure that multiple Shareowner users do not connect to the same brokerage account. The unencrypted information is never stored.
Verified Emails from Our Demain Emails sent from Stake will come from the domain "yourstake.org". You can verify that emails come from us by checking the domain in the "from" details.
Automatic Logout We automatically log you out if you are inactive for an extended period that unauthorized people cannot access your account.
Encrypted and Secure Passwords Stake enforces usage of strong user passwords, which are additionally hashed--they're unreadable to everyone, including Stake staff.
Stake Network Security
Strongest available browser encryption Traffic between you and our server is secured to the industry standard, 100% served over https and using SSL.
Regular System Health Checks We log, monitor, and audit events and actions on Stake to continuously safeguard the application and your data.
Backups and Encryption Our infrastructure is frequently backed up and accessible. Our backups are encrypted in compliance with most recent NIST policy (2018). Stake's web services are hosted on the cloud.
Vulnerability Intelligence Stake implements a vulnerability intelligence program to monitor sources of information about vulnerabilities that can affect their systems.
Additional Security Features
Personnel Training All employees and independent contractors who contribute to the web app are trained to follow a set of security best practices, for their devices and their work.
Finite Permissions and Access Access to consumer data and other permissions are limited to authorized employees who need it for their work. All account maintenance actions are closely monitored and protected with strong passwords.
Confidentiality Agreements All Stake employees and contractors are bound to confidentiality agreements.
Incident Response Plan Stake implements a protocol for handling security events. All employees are informed of our policies. Upon learning of a breach of data, Stake PBC will promptly notify anyone affected.

Security Tips

You can also protect yourself.

Some general good security practices include using unique and random passwords, refraining from transmitting sensitive information over public or unsecured wifi networks, and keeping your device software up to date. The Federal Trade Commission also provides a consumer guide to online security.
We will respond to any inquiries at info@yourstake.org or via our contact form within 24 hours.