Best practices for email addresses and Carta accounts

Email addresses are critical for managing securities and user access in Carta. To ensure security and proper account functionality, follow these best practices when handling email addresses for Carta accounts.

For end users: Safeguard your account security

  • The importance of your account email: Your email address is the primary identifier for your Carta account. Treat it with the same care as you would sensitive financial information, such as your bank account details.

  • Account security: Protect your email and Carta login credentials. Sharing email accounts or passwords is prohibited under Carta's Terms of Service.

For issuers: Avoid recycling email addresses

  • Risk of reusing corporate emails: Email addresses are tied to securities issuance. Reusing or recycling corporate email addresses can cause security risks and access issues.

  • Email forwarding risks: Forwarding emails from departed employees can grant unintended access to sensitive information unless their email is unlinked from the account.

Best practice: Use personal emails for security acceptance

  • Continuity: Personal email addresses are consistent, even when employees leave or change roles, ensuring uninterrupted access to their securities.

  • Security: Corporate emails are often reassigned, creating risks of unauthorized access. Personal email addresses are more secure and tied to the individual, not the company.

  • Ownership: Securities are personal financial assets. Using personal email addresses emphasizes individual ownership and prevents issues when employees transition.

Do not share Carta security acceptance emails or links

  • Sensitive Information: Security acceptance emails contain encrypted links that allow stakeholders to accept securities. Do not share or forward these emails, as doing so may result in the wrong person accepting the securities.

  • Double-check recipient: Always send acceptance emails directly to the intended recipient and ensure they are not shared within your organization.

Final Recommendations

  1. Verify Email Addresses: Confirm the email address linked to an individual’s Carta account before issuing securities or reusing corporate emails.

  2. Use Personal Emails for Security Issuance: Default to using personal email addresses to ensure secure and uninterrupted access.

  3. Avoid Email Alias Recycling: Do not recycle email aliases for new hires without confirming the email’s prior use with Carta.

  4. Handle Security Links Responsibly: Ensure security acceptance emails and links are only accessed by authorized recipients.

Special considerations for investment firms

Some investment firms in Carta may use email routing rules for their domains (e.g., @krakatoavc.com) to automatically direct securities to designated administrators.

  • Checkmark indicator: A green checkmark next to a stakeholder’s email indicates that a routing rule is active, and securities sent to that address will be managed by the firm’s administrators (not necessarily the stakeholder you intend to issue the security to).

  • Risk of misrouting: If a security is intended for an individual, the routing rule could direct it to the wrong party, preventing the intended stakeholder from receiving it.

  • Best practice: To avoid misrouting, update the stakeholder's email to a personal address not linked to the firm’s domain. This ensures the securities are directly delivered to the stakeholder, bypassing the routing rule.