How our custodial service works
Your money and investments are kept separate from the money that is used day-to-day to develop and maintain the platform.
There are two separate companies involved when you make investments through the Sharesies platform—Sharesies Limited and Sharesies Nominee Limited.
Sharesies Limited grows and develops Sharesies products and keeps the platform running. Sharesies Nominee Limited is responsible for the custody of investors’ money and investments.
If anything were to happen to Sharesies Limited, your money would still be safe because it’s held completely separate by, or on behalf of, Sharesies Nominee Limited.
How we focus on security
At Sharesies, security measures are in place to protect investments and identify fraudulent activity.
Some (but not all!) of the security measures include:
designing systems with security and privacy risks in mind—and preparing for disruptive events, with resilient architecture, backups, and recovery plans
Ensuring teams are aware of their security and privacy responsibilities through documented policies, guidance, and education
finding and fixing potential vulnerabilities as they emerge (e.g. keeping software patched)
text (or email) verification before processing certain withdrawals
regular audits and security tests by a third-party specialist to verify that systems are working as intended, and that nothing has been missed
encryption of sensitive investor data with industry-standard TLS (Transport Layer Security) and AES-256 encryption
continuously monitoring for new threats and signs of suspicious activity
equipping customers with the tools they need to protect their own account.
Protecting your data
Steps are taken to protect the information held. The Sharesies platform’s systems are configured so that data is only available to the people or systems that need it, and use techniques such as hashing, masking, and tokenising (replacing sensitive information with a randomised identifier) to avoid seeing sensitive data when it’s not needed.
Customer passwords are never stored in plaintext—they’re stored in a non-reversible hashed version of your password using the industry-standard bcrypt algorithm.
Vendors and partners
Third-party software and services are used and regularly reviewed to make sure they meet the Sharesies platform’s stringent security requirements and won’t put your data at risk.
The Sharesies platform and data are securely hosted by Amazon Web Services (AWS). All credit card transactions are processed by Stripe, who are certified to Level 1 (the highest level) of the Payment Card Industry’s Data Security Standard (PCI DSS).
Things you can do to help keep your account secure
In addition to the security measures in place to protect your account, there are some extra steps you can take too:
Use a password that's long, hard to guess, and most importantly, one you haven't used anywhere else.
Enable two-factor authentication (2FA)—2FA makes it much harder for people to get into your account, even if they get your password.
Enable face or fingerprint recognition, or a PIN, on the mobile app—it also means you won’t have to enter your password and 2FA codes as often—win-win!
Don’t share your password with others—sadly, account breaches can come from someone you know and trust.
Keep your personal details up-to-date so you’re alerted about account activity that could be suspicious.
Be mindful of scams asking for your login info or offering unsolicited investment advice, especially on social media—check that any comms from Sharesies are from our official social media accounts or emails.
Be aware of impersonators and scammers
Sometimes, people will impersonate companies (like Sharesies) to gain your trust. If you receive an email or message on social media from Sharesies that looks suspicious, don’t give out your personal information. Remember, you’ll never be asked for your password.
Communication from Sharesies
You might be asked to provide extra info from time to time—such as providing a source of funds and source of wealth. This is to meet anti-money laundering (AML) requirements.
Find the only official Sharesies social media channels below. Be wary of imposter or fake accounts that ask for your personal information—if in doubt, message us first!
Reporting security issues
If you have questions or concerns about the security of your account, reach out to the Sharesies platform’s Investor Care team at firstname.lastname@example.org.
If you think you’ve found a security vulnerability, please email email@example.com.