Safeguarding your data, earning your trust

Trust, transparency, and integrity matter. Carta has a robust defense-in-depth strategy to safeguard your data.

Security program overview

Security compliance

Carta undergoes annual external audits by multiple independent auditors. These reports, plus additional security documentation, are available to all customers, prospects, and vendors on our customer trust platform, Conveyor. Learn more here.

SOC 1 reports (core services), SOC 2 report covering the platform

Icons - Item | Trust Center | "ISO 27001 certification"

ISO 27001 certification

Additional resources

Privacy

Understand the policies and procedures in place to protect your privacy:

  • Learn how Carta collects, uses, and shares your information in our Privacy Policy

  • See details regarding the use of cookies on our website in our Cookie Policy

Responsible disclosure

We are always interested in adding talented researchers to our HackerOne disclosure program. If you believe you have discovered a vulnerability or are an interested security researcher, please get in touch with us at security@carta.com .

For more details, please refer to our Responsible Disclosure Policy .

Vendor management and security

Carta is committed to the highest social responsibility standards and ethical conduct. Our Supplier Code of Conduct applies to all suppliers, vendors, consulting partners, and service providers.

In addition, our Supplier Information Security Standards lists the minimum security controls that Carta’s suppliers are required to adopt when:

  • accessing Carta facilities, networks, or information systems

  • handling confidential information, or processing Carta data on supplier’s systems

  • in custody of Carta hardware assets