Security

Q: What security certifications does Cake Equity have?

Cake holds ISO/IEC 27001:2022 certification and receives an A grade on SecurityScorecard, confirming its information security management system meets global standards.

Q: How does Cake Equity protect sensitive equity data?

Cake employs AES-256 encryption for data at rest and SSL/TLS encryption for data in transit. Additional protections include email verification, activity logging, optional 2FA, restricted employee access, and mandatory security training.

Q: Does Cake Equity have role-based access controls?

Yes. The platform offers four permission levels: View Only (read access), Edit (make changes), Admin (full edit plus billing), and Account Owner (complete control including user management).

Q: Who can access my cap table in Cake Equity?

Only invited users can access your cap table. You control permissions through four permission levels, with recommendations to assign View Only to board members and investors.

Q: Can I control what my investors can see in Cake Equity?

Yes. Investors access a separate MyCake portal showing only their holdings, documents, and announcements — they cannot view the full cap table.

Q: Is Cake Equity secure enough to store confidential company information?

Yes, supported by ISO/IEC 27001:2022 certification, an A-grade SecurityScorecard rating, and multiple encryption and access control measures.

Data privacy & security are at the core of what we do

With large, high-profile customers all around the world, we are committed to keeping your data secure and continuously monitoring and improving our processes.

ISO 27001
Cake has completed a ISO 27001 certification, confirming that our information security management system meets globally recognised standards. This means our policies, procedures, and controls have been independently audited to ensure they effectively safeguard the confidentiality, integrity, and availability of customer data.

Privacy embedded into the design
We take a proactive approach to data protection and anticipate privacy issues and risks before they happen.This doesn’t just apply to systems design -- we’re proactively developing a culture of ‘privacy awareness’ across our organisation.

End-to-end security with full lifecycle protection
We put strong security measures in place from the beginning and apply this throughout the data lifecycle. We process data securely via encrypted infrastructures and destroy it when it’s no longer needed.

Visibility and transparency
We’re big believers in win-win scenarios, and we don’t believe that you need to sacrifice speed or usability to comply with privacy and security regulations. We make it easy for you to control who’s able to access and make changes to your data so that you can focus on growing your business.

Steps we take

Experience

We verify email addresses of all users
An activity log is kept for every transaction that changes data in your organization, with clear tracing available
You can control who can access and make changes to your data by assigning different levels of permissions to users within your organisation
Social sign on
Pro customers can also leverage further protocols such as Two-Factor Authentication (2FA)
Enabling 2FA will require all accounts associated to your company to use 2FA (both company and team app).

Infrastructure

Cake services and data are hosted with Amazon Web Services (AWS) in Australia in the ap-southeast-2 region.
Daily backups are performed, encrypted and stored in a secure location
Data at rest is encrypted using AES-256.
Data in transit is encrypted using SSL/TLS.

People & Platform

Our employees are all subject to strict confidentiality obligations and given security training to educate them on potential threats and how to keep themselves and the company safe
Our internal security and privacy protocols include only allowing a select group of employees to access customer data and ensuring that all employees use approved password managers
Any requests to change investor or option holder personal information are communicated to the company contact
Our access to critical infrastructure and services require 2FA

Sub processors page

Coming soon. Any questions please contact our Security Officer.

Back to Legal Hub

Need help? Visit the Help center

Where is Cake Equity's data stored?

Cake's infrastructure is hosted on AWS in the ap-southeast-2 region (Australia). Data is backed up daily with encrypted backups stored in secure locations.

What security certifications does Cake Equity have?

Cake holds ISO/IEC 27001:2022 certification, confirming its information security management system meets globally recognised standards. Cake also holds an A grade on SecurityScorecard.

How does Cake Equity protect sensitive equity data?

Cake uses AES-256 encryption for data at rest and SSL/TLS encryption for data in transit. Infrastructure is hosted on AWS with daily encrypted backups. All users have email verification and activity logging on every data-changing transaction. Two-factor authentication is available for all users and required for Pro customers. Internally, only select employees have restricted access to customer data, and all staff are subject to confidentiality obligations and mandatory security training.

Does Cake Equity have role-based access controls?

Yes. Cake has four permission levels: View Only (read access to share registry and documents), Edit (can make changes and manage transactions), Admin (full edit access plus billing), and Account Owner (full control including inviting and removing users). Only Account Owners can change permission levels for other users.

Who can access my cap table in Cake Equity?

Only users you invite can access your cap table. You control access through four permission levels — View Only, Edit, Admin, and Account Owner. Cake recommends assigning View Only access to board members and investors, Edit to operations team members, and Admin to lawyers, accountants, and senior leadership.

Can I control what my investors can see in Cake Equity?

Yes. Investors access their equity holdings through a separate MyCake portal — they see only their own holdings, documents, and company announcements. They cannot view or modify the full cap table. Advanced investor communications features including two-way messaging and document sharing are available on Growth and Pro plans.

Is Cake Equity secure enough to store confidential company information?

Yes. Cake is ISO/IEC 27001:2022 certified, holds an A grade on SecurityScorecard, and uses AES-256 encryption at rest, SSL/TLS in transit, and AWS infrastructure with daily encrypted backups. Access is controlled through role-based permissions, and all internal staff have restricted data access with mandatory confidentiality obligations.