Getting the right Carta (eShares) data into Compaas
Carta (formerly eShares) provides three levels of user account access, and the most restricted view is “Company Viewer.”
To connect Compaas to Carta:
First, log in to Carta and select Permissions and roles from the Company menu.
Then, Add New Person with the following values.
Manual Compaas upload from Carta:
Some customers prefer to manually upload their Carta reports to Compaas on a recurring basis, for example after a board meeting approves new equity grants.
First, log in to Carta and select Reports from the Capitalization menu.
Then, select Custom Plan Report from the list of available reports.
Select each plan, and select the Select all checkbox.
Download the report when it's ready. You can then securely upload the Excel file to Compaas. You access the Compaas Secure Uploader from the Data menu in the Compaas navigation sidebar.
How does Compaas use Carta and Carta data?
Compaas exports your Equity Plans from Carta. We export the entire equity plan(s) every time we update, in case some existing grant vesting schedule got delayed or the grant was canceled. We import the data only for employees - when we see a name/email that we don't recognize, like a grant to a consultant or advisor, we skip over it. The only PII that comes out of Carta is employee (or grantee) name and email. There is no home address or SSN.
The data for employees is imported into the Compaas database and made available to the customer's HR superusers of Compaas to explore the impact of stock grants on retention and compensation individually and for groups.
Compaas employees go through background checks on hire, yearly security training, and we also have a comprehensive security policy. According to one part of this policy, employees may only access the information they need to access to support a customer with our software. Thus while we might go look up a vesting schedule to see that we're interpreting it correctly, we are enjoined from exploring other information about the company's stock. Naturally, we also keep all the data we do use private (detailed further in the MSA we've signed with you), stored encrypted, and transported encrypted.