Data is kept private and secure across InvestorHub
At InvestorHub, we are committed to protecting your privacy. Our Privacy Principles guide the development of our products, processes and systems so you can rest assured your data is handled with the utmost care.
Our business is built on transparency, with a commitment to providing clear and consistent information on who has access to your data and how it's used. We process data in accordance with our terms and data protection agreements and clearly outline our processes through our privacy policy. As our policies are written with you in mind, you’ll be the first person to know when we update our privacy structure.
Our users are at the center of everything we do. That’s why we’ve designed effective privacy controls to put their interests first. We’re on a mission to embrace collaboration and to constantly evolve our privacy practices to better meet our users' needs.
We adhere to strict data security protocols which means we do not share any data with third parties. By putting you in control of the users that have access to your account, our products and practices are designed to enable you to actively control and manage access to your data.
Over $1b of shareholder value is managed using our technology. We take this responsibility seriously and use a variety of technologies to help protect your data. We employ robust security controls across all aspects of our engineering and service delivery. This includes encryption at rest and in transit, network security and server hardening, administrative access control, system monitoring, logging and alerting, and more.
InvestorHub uses Google Cloud to store, maintain and manage data. Trusted by thousands of organisations globally, Google cloud means InvestorHub can store data externally and take advantage of the numerous security practices and protocols at Google.
InvestorHub is able to access the same secure-by-design infrastructure, built-in protection, and global network that Google uses to protect all client information, identities, applications, and devices.
Through Google Cloud, all data is encrypted in transit between your registry, the cloud, and at rest which ensures it can only be accessed by authorised personnel and services.
Our website services are hosted on Vercel with potential data breaches and/or leaks identified by their highly responsive cybersecurity team. InvestorHub accesses a number of security benefits which are passed on to all our enterprise clients.
InvestorHub is included in Vercel’s regular penetration testing via third-party pen testers against potential data breaches. InvestorHub has never failed a third-party penetration test through Vercel.
InvestorHub is covered by two forms of DDOS protection (automated prevention and direct communication) through its enterprise relationship with Vercel. Vercel systems automatically detect and block malicious attacks on InvestorHub’s client sites. For larger, distributed attacks, we take a hands-on approach by working closely with Vercel to ensure your site(s) stay online and are resilient to attacks.
InvestorHub is SSL certified which means we’re always ensuring that any data transferred between users and websites, or between two systems, remains impossible to read through the use of an encrypted connection that scrambles data in transit.
InvestorHub has enabled two-factor authentication (2FA) on all admin accounts to add a second layer of protection to your account.
InvestorHub uses automatic and manual systems on your account to prevent unauthorized access and to notify you when someone has/is accessing your data. Identities, users, and services are authenticated and access to sensitive data is protected with advanced tools like phishing-resistant security keys.
Your registry data is used to provide actionable insights and analysis through our software, the applications include:
Your registry data is de-identified and processed as part of a data pool in our machine learning algorithms. The analytic model that emerges from this process uses patterns across our total dataset. This use of data is similar to how Google Analytics, Sprout Social, Hootsuite and other data analytics tools operate (e.g. Sprout Social connects to your Twitter account and provides you with analytic models to understand how your posts compare with similar accounts).
No information about your shareholders or your company is shared with other clients or third parties. No input data is accessible directly by anyone except authorised end users.
You, anyone you share your account with via InvestorHub's permissions feature, and any authorised InvestorHub employee can access the data you collect. Access to platform and client data is assigned to InvestorHub employees on a need-to-know basis.
Roles with different levels of access are assigned to employees, with the intent to provide employees with enough access to do their jobs (e.g. provide customer support, conduct billing-related activities, implement new security measures, etc). Employee roles are reviewed regularly.
Other than for purposes of debugging and monitoring product analytics InvestorHub employees will not access your data for any reason beyond your request. This usually comes in the form of a support request. For example, you might ask us to review your account or provide analysis of a datapoint.
We work hard to make sure your information is secure, including: We do not sell your data or the data you collect with our platform. Login pages transmit login data via SSL.
Our software and product development processes are compliant with Google Cloud security best practices. We encrypt data in transit between data facilities and at rest, ensuring that it can only be accessed by authorised roles and services with audited access to the encryption keys. All data is encrypted and managed by Google Cloud. All data is stored on Australian-based servers. We have appointed a Data Security Officer, who can be reached by emailing compliance@investorhub.com.