Security

Built for sensitive raise data

Campaign data includes investor relationships, messaging, and traction metrics. We treat it accordingly.

Encryption

  • TLS 1.3 in transit for all API and dashboard traffic
  • AES-256 encryption at rest for campaign and contact data
  • Encrypted backups with 30-day retention

Access control

  • Role-based access for team members
  • SSO available on Full Service engagements
  • Audit log for campaign configuration changes

Email infrastructure

  • SPF, DKIM, and DMARC configuration on your domain
  • Send volume throttling to protect deliverability
  • Bounce and complaint monitoring

Data handling

  • Campaign data not sold to third parties
  • Data deletion on request within 30 days of campaign close
  • US-based infrastructure (AWS us-east-1)
Compliance

Certification status

StandardStatusTarget
SOC 2 Type IIn progressQ3 2026
GDPRCompliant
CAN-SPAMCompliant

Questions? security@capsignal.com

Get started

Start with a raise profile

We review every submission and respond within one business day.

Request accesshello@getcapsignal.com