Your data is encrypted and secure
deeltrack is built on Google Firebase — a SOC 2 Type II and ISO 27001 certified platform. All data is encrypted at rest and in transit. Sensitive fields (bank accounts, tax IDs, SSNs) are never stored in plain text.
Bank account numbers, routing numbers, SSNs, and tax IDs entered in deeltrack are stored encrypted in Google Firestore and are never transmitted to third parties without your explicit authorization.
Encryption at Rest
All data stored in Google Firestore is encrypted at rest using AES-256. Firebase Storage uses server-side encryption for all uploaded documents including KYC files and tax documents.
Active
Encryption in Transit
All data transmitted between your browser and deeltrack's servers uses TLS 1.3. HTTPS is enforced on all connections. HTTP requests are automatically redirected to HTTPS.
Active
Authentication & Access Control
Firebase Authentication with email/password. Role-based access: GP accounts see all deal data; investor portal accounts see only their own linked deals and documents.
Active
Firestore Security Rules
Firestore rules enforce that each GP org can only read/write their own organization's data. Investors can only access documents to which they've been explicitly granted access.
Active
Audit Logging
All data mutations (deal saves, distribution executions, investor updates) are logged with timestamp and user ID. Activity feed visible on the GP Dashboard.
Active
SOC 2 Type II
deeltrack runs on Google Firebase, which holds SOC 2 Type II certification. A deeltrack-specific SOC 2 audit is planned as the platform scales to enterprise customers.
In Progress — Firebase certified
Compliance Status
| Requirement | Status | Notes |
| --- | --- | --- |
| AES-256 Encryption at Rest | Active | Via Google Firestore & Firebase Storage |
| TLS 1.3 in Transit | Active | Enforced on all Firebase endpoints |
| Role-Based Access Control | Active | GP / Investor portal separation via Firebase Auth |
| Org-Level Data Isolation | Active | Each GP org scoped to orgId in Firestore rules |
| Investor Document Access Control | Active | Per-document investor allowlist in Deal Room |
| SOC 2 Type II (deeltrack-level) | Planned | Targeting Q4 2026 for enterprise tier |
| GDPR / CCPA Data Export & Deletion | In Progress | Account deletion available; data export UI coming Q3 2026 |
| Multi-Factor Authentication (MFA) | Planned | Firebase MFA integration planned Q3 2026 |
| SEC Reg D Compliance Checklist | Available | Form D filing reminders + checklist in GP Dashboard |
| Accreditation Verification Audit Trail | Active | Status workflow + notes logged per investor |
Frequently Asked Questions
Where is investor bank account data stored?
Bank account numbers and routing numbers are stored in Google Firestore, encrypted at rest. They are only accessible to authenticated GP users within your organization. deeltrack staff do not have access to your investors' banking details.
Are SSNs and Tax IDs stored securely?
Tax IDs and SSNs (used for K-1 generation) are stored encrypted in Firestore. We recommend entering only what's needed for K-1 generation and not storing full SSNs unless required. Future versions will support partial display (last 4 only).
Can investors see each other's data?
No. The investor portal is scoped to each individual investor's account. Investors can only see deals they are linked to and documents their GP has explicitly shared with them. No investor can view another investor's capital account, commitment, or personal details.
What happens to my data if I cancel?
Your data remains accessible for 90 days after cancellation. You can export all deal, investor, and document data at any time. After 90 days, data is permanently deleted per our Privacy Policy.