Your equity data, protected at every layer.
We hold the most sensitive data a public company has — insider holdings, grant terms, compensation. Here is exactly how we protect it.
Encryption everywhere
Data is encrypted at rest with AES-256 and in transit with TLS 1.3. API keys and webhook secrets are stored encrypted (AES-GCM), never in cleartext.
Multi-tenant isolation
Tenant isolation is enforced in the database with PostgreSQL row-level security (RLS) and SECURITY DEFINER helpers — not just in application code.
SOC 2 in progress
We are pursuing SOC 2 Type II. Target report date: [TARGET DATE — placeholder]. Our controls map to the Trust Services Criteria today.
Penetration testing
Independent penetration testing on an annual cadence, plus continuous automated dependency and secret scanning in CI on every commit.
Incident response
A documented incident-response runbook with defined severities and a public status page. See our security policy for the full commitment.
Subprocessors
The third parties that process data on our behalf. Last updated 2026-05-28.
Report a vulnerability
We operate a 90-day responsible-disclosure policy. Email security@unfoldingvalues.com and we will acknowledge within 2 business days.
Read our full security policy →