The ESOP grant letter given to any employee needs to be signed by someone authorised by the company. This is usually a person designated by the ESOP committee (or by the board of directors, depending on the ESOP scheme document). Note that this person could be an employee (HR head, CFO, co-founder, etc.) or a non-employee (a board member, an external ESOP consultant, etc.).
The admin (or co-admin) role has the permissions to add an ESOP scheme and grant options to employees. The admin can also edit the employee details for the company. The other role, authorised signatory, can only sign grant letters after they have been created by the admin. Note that the admin and the authorised signatory can be the same person/user, and that such a person could be a current employee or a non-employee.
An employee can only accept a grant letter once it has been created by the admin. After that, they can only see their own grants and the corresponding vesting table, nothing else. In the future, when we build the feature, the employee will also be able to see the valuation of their grants and vested options go up as the valuation of the company itself jumps.
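The role separation described above, as an added Python example that is not the product's own code: a minimal in-memory authorization layer in which only an admin can create grant letters, only an authorised signatory can sign a letter that already exists and is unsigned, and an employee can accept and list only their own letters. Two details are assumptions, not page text: a letter must be signed before it can be accepted, and an admin can list all letters.

```python
from dataclasses import dataclass
from enum import Enum

class Role(Enum):
    ADMIN = "admin"                     # creates schemes and grant letters, edits employee details
    SIGNATORY = "authorised_signatory"  # signs grant letters that an admin has created
    EMPLOYEE = "employee"               # accepts and views only their own grant letters

@dataclass
class User:
    user_id: str
    roles: frozenset   # one user may hold several roles, e.g. admin and signatory

@dataclass
class GrantLetter:
    letter_id: str
    employee_id: str
    state: str = "created"   # created -> signed -> accepted

class GrantService:
    def __init__(self):
        self.letters = {}    # letter_id -> GrantLetter; in-memory stand-in for the database

    def create_grant(self, actor, letter_id, employee_id):
        if Role.ADMIN not in actor.roles:
            raise PermissionError("only an admin can create grant letters")
        self.letters[letter_id] = GrantLetter(letter_id, employee_id)
        return self.letters[letter_id]

    def sign_grant(self, actor, letter_id):
        letter = self.letters.get(letter_id)
        # The signatory role only signs a letter that exists and is still unsigned.
        if Role.SIGNATORY not in actor.roles or letter is None or letter.state != "created":
            raise PermissionError("signatory may only sign an existing, unsigned letter")
        letter.state = "signed"
        return letter

    def accept_grant(self, actor, letter_id):
        letter = self.letters.get(letter_id)
        # Ownership check: an employee may accept only their own letter, and (assumption) only after signing.
        if (Role.EMPLOYEE not in actor.roles or letter is None
                or letter.employee_id != actor.user_id or letter.state != "signed"):
            raise PermissionError("employee may only accept their own signed letter")
        letter.state = "accepted"
        return letter

    def visible_grants(self, actor):
        # Employees see only their own grants; an admin seeing all is an assumption, not page text.
        if Role.ADMIN in actor.roles:
            return list(self.letters.values())
        return [l for l in self.letters.values() if l.employee_id == actor.user_id]
```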
Two-factor authentication is much more secure than the usual email/password mechanism of authentication. We will soon introduce the feature of sending an OTP to your mobile number and email ID as this second authentication factor, making the application substantially more secure.
First of all, the entire authentication is handled by AWS Cognito itself; no user ID or password is saved in our own database. Secondly, the database (MongoDB Atlas) provides encryption for data at rest by default. Thirdly, the entire app uses HTTPS (SSL/TLS) for secure communication between browser and server, ensuring that data in transit can't be intercepted or read even on unsecured networks (e.g. public Wi-Fi hotspots). Fourthly, there is a provision for adding custom AWS KMS keys (just for your company) to encrypt your data using your own KMS keys. You can use this feature to ensure that no one (not even us) can decrypt your data if you choose to revoke your keys at any time.
Next on the priority list are SignEasy integration (to make the grant letters legally compliant), bulk upload of employee data and grant letters (for companies with large employee headcounts), and cap table management, to name a few. If you have any ideas, please feel free to reach out to us at firstname.lastname@example.org