User Data Security
|Secure Data||All information stored in our database is protected by 256-bit encryption.|
|No Investment Account Credentials||Stake does not get users' authentication credentials for investment accounts they link with Stake. Your investment account authentication credentials are passed to your investment account through our secure third-party service, Quovo, which maintains bank-level security. Stake will be able to view your holdings, but nothing else. ("Read-only" access)|
|Minimal Information||All you need to create a stake account is an email address. That's it! When you choose to connect your investment accounts to take action on Stake, we verify which stocks you own in which companies, and store that tally. We also store an encrypted, unique account identifier to ensure that multiple Shareowner users do not connect to the same investment account. No user can see the private data of any other user.|
|Verified Emails from Our Domain||Emails sent from Stake will come from the domain "yourstake.org". You can verify that emails come from us by checking the domain in the "from" details.|
|Automatic Logout||We automatically log you out if you are inactive for an extended period.|
|Encrypted and Secure Passwords||Stake enforces usage of strong user passwords. Passwords are hashed in our database, which means they are unreadable to everyone, including Stake staff.|
Stake Network Security
|Strongest available browser encryption||Traffic between you and our server is secured to the industry standard, 100% served over https and using SSL.|
|Regular System Health Checks||We log, monitor, and audit events and actions on Stake to continuously safeguard the application and your data.|
|Backups and Encryption||Our infrastructure is frequently backed up and accessible. Our backups are encrypted in compliance with most recent NIST policy (2018). Stake's web services are hosted on the cloud.|
|Vulnerability Intelligence||Stake implements a vulnerability intelligence program to monitor sources of information about vulnerabilities that can affect our systems.|
Additional Security Features
|Personnel Training||All employees and independent contractors who contribute to the web app are trained to follow a set of security best practices, for their devices and their work.|
|Finite Permissions and Access||Access to consumer data and other permissions are limited to authorized employees who need it for their work. All account maintenance actions are closely monitored and protected with strong passwords.|
|Confidentiality Agreements||All Stake employees and contractors are bound to confidentiality agreements.|
|Incident Response Plan||Stake implements a protocol for handling security events. All employees are informed of our policies. Upon learning of a breach of data, Stake PBC will promptly notify anyone affected.|
Security TipsYou can take steps to protect yourself throughout the internet.
Best practices include using unique and random passwords, refraining from transmitting sensitive information over public or unsecured wifi networks, and keeping your device software up to date. The Federal Trade Commission also provides a consumer guide to online security.
We will respond to any inquiries at firstname.lastname@example.org or via our contact form within 24 hours.