Your data security and privacy is serious business.
Data Privacy and Security at Hum
The Intelligent Capital Market is an analytics platform that converts data from companies’ systems of record into powerful financial insights. With 100+ syncable systems of record, thousands of companies share hundreds of gigabytes of financial data with the Intelligent Capital Market in real-time on a daily basis. At Hum Capital, we are adamant about data privacy and security because we know that the financial markets cannot be modernized without Capital-as-a-Service becoming the norm. We wrote this white paper to explain the processes we have in place to protect your data once you join the Intelligent Capital Market.
This document is divided into two parts to explain how we approach data privacy and security for companies and investors, respectively.
Protecting Company Data
Companies who use the Intelligent Capital Market do so for a few key reasons:
- To conduct fundraising processes, including opting into investor matches facilitated by the Intelligent Capital Market when the business is actively looking for financing.
- To mine their financial data for actionable insights they can use to better manage their resources and growth.
- To update their existing investors on financial metrics and performance.
For any of the above use cases, the Intelligent Capital Market is just like Google Drive – it holds sensitive information and rigorously protects it with similar encryption and security protocols as Google. Just like Google Drive, your data is entirely private unless you explicitly share it with someone else. Company typically decide to share their data in a few scenarios:
Companies choose to share data with board members and key investors with information rights
Companies can add board members and investors to their Intelligent Capital Market portal. When they do so, companies must permission each investor’s data access level, which can be changed at any time. Permission levels include:
|Permission Level||Data Shared|
|Full||The company grants the investor access to all of the Intelligent Capital Market’s analytics and dashboards, including financing offers received by 3rd parties (if any).|
|Custom||The company selects which analytics and dashboards are viewable by the investor. Options include rounding data (ex: to the tens of millions) and delaying data (ex: 90 day lag).|
|Basic 1||The company grants the investor to see key financial information including:
|Minimum||The company only allows the investor to see the company’s contact information, industry affiliates and public company description.|
1 Note: With Basic Access, investors also receive permission to include this company’s performance metrics in their fund reporting.
Companies choose to share data with Hum to receive financing offers from investors on the Intelligent Capital Market.
To do so, companies must opt in to the Intelligent Capital Market. Data is shared with Hum and pre-vetted investors on our platform as follows:
|Hum||Read-only access to all connected systems of record and uploaded files. Full access to all of the analytics that the Intelligent Capital Market generates.2 Required to participate in Syndication of a financing process.|
|Investors 3||Before double-opt in: Potential Investors see an anonymized snapshot of key financial metrics potentially including:
In addition to hiding all identifying information (like company name or URL), Hum further anonymizes data by indexing data points to a period date in time (ex: 2 years ago) and showing change relative to that time together with size ranges for key metrics (like $10-25M).
After double opt-in: Potential Investors see deanonymized charts of the key financial metrics aforementioned:
2 Note: Instead of asking for and storing corporate account credentials, Hum Capital uses revocable tokens to access company data via secure APIs. We also secure our system-to-system communication using TLS, a cryptographic security protocol designed for privacy and data security.
Note: Companies can exclude investors from the matching algorithm, and can update this list at any time. See below for example analytics an Investor sees prior to a company sharing access deanonymized data:
Companies choose to participate in our Hum Capital benchmarking program
Companies can opt in to Hum’s anonymized benchmarking tool, which allows finance teams to understand how their company stacks up to similar companies — enabling you to see what terms the market might deliver you in advance of running a formal financing process. To participate, data is shared with Hum Capital as follows:
|Hum||Read-only access to all connected systems of record and uploaded files. Full access to all of the analytics that the Intelligent Capital Market generates. Required to participate in Syndication of a financing process.|
In addition to the above, Hum Capital is powered by the AWS cloud, and we follow their published identify and access management practices. For the encryption nerds, here is a breakdown of Hum’s encryption protocols at rest and in transit:
- All HTTPS (SHA-256 with RSA Encryption) for all traffic between clients and site
- All internal traffic takes place on top of secure transport in a completely private VPC
- S3 (databases) encryption configurable with AES-256 or KMS
- MySQL encryption configurable with AWS KMS
- EBS encryption configurable with AWS KMS
Protecting Investor Data
Investors who use the Intelligent Capital Market do so for a few key reasons:
- To automate and streamline portfolio company reporting for Limited Partners (LPs), as well as to identify portfolio company issues and/or investment opportunities.
- To receive introductions to companies seeking capital in a fundraising process conducted on Hum’s platform.
- To facilitate introductions between their portfolio companies and global pools of capital.
Companies are the ultimate arbiters of their own data. We defer to companies’ privacy preferences. If an investor has information rights in a company, they must work through that company to receive data access on Hum’s Intelligent Capital Market.
The Intelligent Capital Market is just like Google Drive – it holds sensitive information and rigorously protects it with the same encryption and security protocols as Google. Just like Google Drive, your portfolio data is entirely private unless you explicitly decide to share it with someone else. Sharing typically happens in a few scenarios:
- Investors choose to share fund performance data with a fund’s limited partners.
- Investors choose to share individual company performance data with its limited partners. Note: this requires that each company opts in to sharing this data.
- Investors choose to share fund performance data with a potential fund investor.