Security and privacy at InvestorHub

Data is kept private and secure across InvestorHub

Security and privacy at Fresh

Our privacy principles

At InvestorHub, we are committed to protecting your privacy. Our Privacy Principles guide the development of our products, processes and systems so you can rest assured your data is handled with the utmost care.


Our business is built on transparency, with a commitment to providing clear and consistent information on who has access to your data and how it's used. We process data in accordance with our terms and data protection agreements and clearly outline our processes through our privacy policy. As our policies are written with you in mind, you’ll be the first person to know when we update our privacy structure.

User first

Our users are at the center of everything we do. That’s why we’ve designed effective privacy controls to put their interests first. We’re on a mission to embrace collaboration and to constantly evolve our privacy practices to better meet our users' needs.

Data ownership and control

We adhere to strict data security protocols which means we do not share any data with third parties. By putting you in control of the users that have access to your account, our products and practices are designed to enable you to actively control and manage access to your data.

Our approach to security

Over $1b of shareholder value is managed using our technology. We take this responsibility seriously and use a variety of technologies to help protect your data. We employ robust security controls across all aspects of our engineering and service delivery. This includes encryption at rest and in transit, network security and server hardening, administrative access control, system monitoring, logging and alerting, and more.

Back-end security

InvestorHub uses Google Cloud to store, maintain and manage data. Trusted by thousands of organisations globally, Google cloud means InvestorHub can store data externally and take advantage of the numerous security practices and protocols at Google.

Cloud infrastructure

InvestorHub is able to access the same secure-by-design infrastructure, built-in protection, and global network that Google uses to protect all client information, identities, applications, and devices.


Through Google Cloud, all data is encrypted in transit between your registry, the cloud, and at rest which ensures it can only be accessed by authorised personnel and services.

Front-end security

Our website services are hosted on Vercel with potential data breaches and/or leaks identified by their highly responsive cybersecurity team. InvestorHub accesses a number of security benefits which are passed on to all our enterprise clients.

Regular penetration testing

InvestorHub is included in Vercel’s regular penetration testing via third-party pen testers against potential data breaches. InvestorHub has never failed a third-party penetration test through Vercel.

DDoS protection

InvestorHub is covered by two forms of DDOS protection (automated prevention and direct communication) through its enterprise relationship with Vercel. Vercel systems automatically detect and block malicious attacks on InvestorHub’s client sites. For larger, distributed attacks, we take a hands-on approach by working closely with Vercel to ensure your site(s) stay online and are resilient to attacks.

SSL secure connection

InvestorHub is SSL certified which means we’re always ensuring that any data transferred between users and websites, or between two systems, remains impossible to read through the use of an encrypted connection that scrambles data in transit.

Internal data handling

Two-factor authentication

InvestorHub has enabled two-factor authentication (2FA) on all admin accounts to add a second layer of protection to your account.

Active account security monitoring

InvestorHub uses automatic and manual systems on your account to prevent unauthorized access and to notify you when someone has/is accessing your data. Identities, users, and services are authenticated and access to sensitive data is protected with advanced tools like phishing-resistant security keys.


Why does InvestorHub need my registry data?

Your registry data is used to provide actionable insights and analysis through our software, the applications include:

  • To identify behaviour patterns which in turn allow us to provide you with predictions of investor demand for a capital raise and future trading behaviour;
  • To provide you with a shareholder overview feature that includes bespoke insights and analytics based on movement data;
  • To help you track the engagements you generate with your shareholders through our software.
How does InvestorHub use my registry data?

Your registry data is de-identified and processed as part of a data pool in our machine learning algorithms. The analytic model that emerges from this process uses patterns across our total dataset. This use of data is similar to how Google Analytics, Sprout Social, Hootsuite and other data analytics tools operate (e.g. Sprout Social connects to your Twitter account and provides you with analytic models to understand how your posts compare with similar accounts).

No information about your shareholders or your company is shared with other clients or third parties. No input data is accessible directly by anyone except authorised end users.

Who can access your account data?

You, anyone you share your account with via InvestorHub's permissions feature, and any authorised InvestorHub employee can access the data you collect. Access to platform and client data is assigned to InvestorHub employees on a need-to-know basis.

Roles with different levels of access are assigned to employees, with the intent to provide employees with enough access to do their jobs (e.g. provide customer support, conduct billing-related activities, implement new security measures, etc). Employee roles are reviewed regularly.

Other than for purposes of debugging and monitoring product analytics InvestorHub employees will not access your data for any reason beyond your request. This usually comes in the form of a support request. For example, you might ask us to review your account or provide analysis of a datapoint.

What data security measures does InvestorHub adhere to?

We work hard to make sure your information is secure, including: We do not sell your data or the data you collect with our platform. Login pages transmit login data via SSL.

Our software and product development processes are compliant with Google Cloud security best practices. We encrypt data in transit between data facilities and at rest, ensuring that it can only be accessed by authorised roles and services with audited access to the encryption keys. All data is encrypted and managed by Google Cloud. All data is stored on Australian-based servers. We have appointed a Data Security Officer, who can be reached by emailing