Privacy
Last updated 21 June 2026
The product — your cap table
What we collect
There are two kinds of data when you use Tenacap:
- Account data — your name and email, and how you sign in (a Google account, or an email-and-password we store only as a salted hash, never in the clear).
- Cap-table data you enter or import — your company details, your stakeholders’ legal names and email addresses, their holdings (shares, options, SAFEs, notes, warrants), valuations, board approvals, and documents you generate or upload. Where you choose to provide them for tax forms (e.g. 83(b), 3921), sensitive identifiers such as an SSN or EIN are stored field-level encrypted, separate from the rest of the record.
How we use it
Only to provide the service to you: render and version your cap table, generate the documents and tax forms you ask for, and send the notifications you’ve enabled. We never sell or rent your data, never use it to contact your shareholders, and never run a secondary market — those are contractual promises, not just policy. We do not train models on your cap-table data.
How we protect it
Data is encrypted in transit (TLS) and at rest. The most sensitive stakeholder identifiers are additionally field-level encrypted with keys held separately from the database. Access is role-scoped per workspace and every change to the cap table is recorded on an append-only, hash-chained audit trail. See Trust & Security for details.
Who processes it (sub-processors)
We use a small set of vetted providers, each acting as a data processor on our behalf:
- Neon — managed PostgreSQL database (where your cap table lives).
- Vercel — application hosting and file storage, plus cookieless, non-identifying traffic analytics.
- Resend — transactional and notification email.
- Google — only if you choose “Continue with Google” to sign in.
Retention, export & deletion
We keep your cap-table data for as long as your account is active. You can export everything at any time in an open, versioned schema (CSV + JSON) — no lock-in. When you close your account (self-serve in Settings → Account, or on request), we permanently erase your company and all of its data. We retain only the minimal records we’re legally required to keep — an opaque audit identifier and timestamps, with no names, emails, or tax IDs. See Closing your account.
Your rights
You can access, export, correct, and delete your data — most of it directly in the app. You are the controller of your stakeholders’ personal data; we are your processor for it, and we’ll support any access or deletion request you need to honor for them. To exercise a right or ask a question, email security@tenacap.com.
The pre-launch waitlist
What we collect
When you join the waitlist we collect the email address you submit. Our infrastructure and email provider also process your IP address and browser user-agent as a normal part of receiving the request and sending email. If you answer the optional follow-up questions, we also store what you tell us about your current cap-table tool and company stage.
How we use it
To send you a welcome email and information on how to get started now that the beta is open, plus an occasional update. We use aggregate, non-identifying analytics to understand how many visitors join — we never send your email address to our analytics provider. The list is stored with Resend, our email processor. We keep your email until you unsubscribe (one click in every email, or email us) and we do not sell or share the list.
Contact
Privacy questions, data requests, or removals: security@tenacap.com.