How our custodial service works
We work hard to keep your money and investments safe. To do this, your money and investments are kept separate from the money we use day-to-day to develop and maintain the platform.
There are two separate companies involved when you make investments through the Sharesies platform—Sharesies Limited and Sharesies Nominee Limited.
Sharesies Limited grows and develops Sharesies products, employs New Zealand-based staff, and keeps the platform running. Sharesies Nominee Limited is responsible for the custody of investors’ money and investments.
If anything were to happen to Sharesies Limited, your money would still be safe because it’s held completely separate by, or on behalf of, Sharesies Nominee Limited.
How we keep your account secure
At Sharesies, we have layers of industry-standard security measures in place that are designed to protect:
our platform’s stability and reliability
your account, money, and investments
the information we hold about you.
Some (but not all!) of our security measures include:
designing our systems with security and privacy risks in mind—and preparing for disruptive events, with resilient architecture, backups, and recovery plans
making sure our team are aware of their security and privacy responsibilities through documented policies, guidance, and education
finding and fixing potential vulnerabilities as they emerge (e.g. keeping our software patched)
text (or email) verification before we start processing certain withdrawals
regular audits and security tests by a third-party specialist to verify that our systems are working as intended, and that we haven’t missed anything
encryption of sensitive investor data with industry-standard TLS (Transport Layer Security) and AES-256 encryption
continuously monitoring for new threats and signs of suspicious activity
equipping our customers with the tools they need to protect their own account.
Protecting your data
We also take steps to protect the information we hold. Our systems are configured so that data is only available to the people or systems that need it, and use techniques such as hashing, masking, and tokenising (replacing sensitive information with a randomised identifier) to avoid seeing sensitive data when we don’t need to.
We never store any customer passwords in plaintext—we store a non-reversible hashed version of your password using the industry-standard bcrypt algorithm.
Our vendors and partners
We make use of third-party software and services, which we regularly review to make sure they meet our stringent security requirements and won’t put your data at risk.
The Sharesies platform and data are securely hosted by Amazon Web Services (AWS). All credit card transactions are processed by Stripe, who are certified to Level 1 (the highest level) of the Payment Card Industry’s Data Security Standard (PCI DSS).
Things you can do to help keep your account secure
In addition to the security measures we have in place to protect your account, there are some extra steps you can do to help keep your account secure.
Use a password that's long, hard to guess, and most importantly, one you haven't used anywhere else.
Enable two-factor authentication (2FA)—2FA makes it much harder for people to get into your account, even if they get your password.
Enable face or fingerprint recognition, or a PIN, on the mobile app—it also means you won’t have to enter your password and 2FA codes as often—win-win!
Don’t share your password with others—sadly, account breaches can come from someone you know and trust.
Keep your personal details up-to-date so you’re alerted about account activity that could be suspicious.
Be mindful of scams asking for your login info or offering unsolicited investment advice, especially on social media—check that any comms from Sharesies are from our official social media accounts or emails.
Be aware of impersonators and scammers
Sometimes, people will impersonate companies (like Sharesies) to gain your trust. If you receive an email or message on social media from Sharesies that looks suspicious, don’t give out your personal information. Remember, we’ll never ask you for your password.
Communication from Sharesies
We might ask you to provide extra info from time to time—such as providing a source of funds and source of wealth. This is to meet our New Zealand anti-money laundering (AML) requirements.
Find our only official Sharesies social media channels below. Be wary of imposter or fake accounts that ask for your personal information—if in doubt, message us first!
Reporting security issues
If you have questions or concerns about the security of your account, reach out to our Investor Care team at firstname.lastname@example.org.
If you think you’ve found a security vulnerability in one of our apps, let us know at email@example.com.