Security

Last updated 22 June 2026

Protecting your information is foundational to this portal. It is read-only — there is no money movement — and it is built so that you only ever see your own investment information.

How we protect your information

• Multi-factor authentication at every sign-in, handled by our identity provider (WorkOS); we never receive your password or MFA secret.
• Encryption in transit (TLS) and at rest (AES-256).
• Authorization on every request — each document request is checked at the edge against your entitlements before any file is served.
• Immutable audit logging — every access decision is recorded to a write-once log retained for 7 years.
• No third-party tracking — no analytics, advertising, or tracking cookies; a single encrypted session cookie keeps you signed in.
• Vendor oversight — our service providers (WorkOS, Cloudflare) are bound by contract to protect your information.

Reporting a security concern

If you believe you've found a security issue, email security@alta-financial.com. We follow coordinated disclosure: we acknowledge reports within 2 business days, keep you informed of remediation, and do not pursue legal action against good-faith research conducted within scope. A PGP key is available on request at the same address.

Please do not access, download, or retain other investors' data, and do not degrade service for others, when investigating or demonstrating an issue.

If you suspect your own account is compromised

Contact us immediately at security@alta-financial.com (or your usual Alta contact). You cannot change your login email yourself — that is a deliberate security control.