Security & trust

Your ecosystem’s data, protected by default.

Fundu is multi-tenant infrastructure handling confidential deal flow and founder data rooms. Security is built into how the platform is architected — not bolted on.

How we protect your data

Defense in depth, from the database up.

Hosted on Supabase / Postgres

Data lives in managed PostgreSQL on Supabase, with automated backups and infrastructure operated to industry standards.

Tenant isolation via RLS

Every table is protected by row-level security. Organizations, programs, and clubs can only ever read their own data — enforced in the database, not just the app.

Encryption in transit and at rest

All traffic is served over TLS, and data is encrypted at rest with AES-256 by the underlying platform.

Data rooms and mutual NDAs

Startup data rooms are shared on secure links protected by passwords and mutual NDAs, with stage-gated access controls over what each viewer can see.

Granular access control

Per-viewer, per-stage permissions decide exactly who can access which documents — with full visibility into who viewed what.

Responsible disclosure

Found something? Email security@fundu.vc and we’ll respond promptly. We treat reports seriously and keep reporters informed.

The guarantees

Four guarantees we don’t bend.

AES-256Encryption at rest and in transit

Mutual NDAsRequired before any data room access

Granular accessPer-viewer, stage-gated permissions

GDPR-alignedBuilt to align with GDPR data-handling principles

Our audit posture

We build to ISO 27001 and SOC 2 principles as we scale toward formal certification, and a security review is in progress. We don’t claim certifications we don’t yet hold — if you need specifics for a procurement review, reach out and we’ll share where we are.

Build on infrastructure that holds.

Founders and investors start free in minutes — on the same secured platform organizations run their programs and clubs on.

Get started free Explore as an investor

Built in, not bolted on