SECURITY

Trust is our product

6ix Inc. has operated with a security-first mentality from day one.
Our security philosophy adheres to three principles:

Defending
against external threats

Protecting
against human
error

Guarding
against misuse
of access

Platform Overview

6ix Inc. is a financial technology company on a mission to unlock social mobility on a global scale by empowering anyone, from anywhere, to invest in anything.

Our flagship product - 6ix.com - combines the power of community and technology by making it easy for anyone to attend, host, and market virtual investment summits. Virtual investment summits are live, interactive events delivered over the internet by video, and are specifically designed around the unique capital markets needs of investors, analysts and companies. Virtual investment summits are powerful because they function as time-based events that bring people together at the exact moment when decisions are being made.

6ix.com is provisioned into two main configurations: investors use the 6ix Investment Discovery Platform to connect with issuers, and issuers use the 6ix Investor Experience Platform to connect with investors.

Investment Discovery Platform

Non-Custodial By Design: We never hold any of your assets, including but not limited to: cash, bonds, equities, cryptocurrencies, NFTs, etc.

No Investment Advice: We do not provide investment advice, you must do your own due diligence.

No Transactions: We do not earn commissions or fees related to your investment decisions, and we are not an exempt market dealer.

Free To Use: We provide our platform as-is, on a free-to-use basis, and do not ask for your credit card details.

No Commitment: Your use of 6ix is at-will and can stop at any time you choose.

Investor Experience Platform

No Representation: All stakeholder communications come from your channels, we do not speak on your behalf.

Secure Access: We follow the principle of least-privilege by applying tiered, role-based access-controls.

Account Security

Passwordless Email Authentication: Our implementation of WebAuthn-based passwordless authentication is unphishable, keeping our users safer.

Secure Access: We follow the principle of least-privilege by applying tiered, role-based access-controls.

Hardware Security Keys: We support Hardware Security Keys via WebAuthn so that you can secure your account with the strongest 2FA protection.

Rate-limiting: In order to thwart brute force attacks, rate-limiting is applied to certain account operations, such as your login attempts.

Single Sign On: Simply log in once to use all your applications powered by 6ix.

Infrastructure Security

TLS and HTTPS Encryption: All of our website data is transmitted over encrypted Transport Layer Security (TLS) connections (i.e., HTTPS).

DDoS Protection: We partner with enterprise vendors to mitigate against distributed denial-of-service (DDoS) attacks.

CSP and HSTS: We leverage the content-security policy (CSP) and HTTP Strict Transport Security (HSTS) features found in modern browsers.

Private Access: Internal-only sections of our website have separate access controls and are not exposed to the public Internet.

Internal Controls

Formal Security Policies: 6ix maintains a set of comprehensive security polices that are kept up to date to meet the changing security environment. These materials are made available to all employees during training and through the company’s knowledge base.

Strict Onboarding and Offboarding: All employees undergo criminal and credit background checks and are subject to ongoing background checks throughout their employment. Additionally, we instantly disable departing employee’s devices, apps, and access during offboarding.

Continuous Security Training: 6ix provides employees with continuous education on emerging security threats, performs phishing awareness campaigns, and communicates with stakeholders regularly.

Incident Response Plan: Security incidents are documented and we adjust our policies accordingly.

Application Monitoring and Protection: All app access is logged and audited. We also use a wide variety of solutions to quickly identify and eliminate threats.

Compliance and Certifications

6ix Inc. is an Ontario private company headquartered at 202-1200 Bay Street, Toronto, ON, M5R 2A5.

We prioritize the trust of investors, analysts, and companies, and place an emphasis on data privacy and security. Our security program is designed and implemented, throughout our company and our platform, in an effort to address the security and compliance requirements of data related to investors, analysts, companies, and employees.

We have a team of professionals that focus on application, network, and system security, as well as security compliance, education, and incident response. We maintain a vulnerability management program that includes periodic scans designed to identify security vulnerabilities on servers, workstations, network equipment and applications, and subsequent remediation of vulnerabilities. We also conduct regular internal and external penetration tests and remediate according to severity for any results found.

We encrypt investor, analyst, and company data in transit using secure transport layer security cryptographic protocols and encrypt data at rest as well. We use multi-factor authentication and other security controls in order to control access to our resources containing personal data or other confidential information.

We design our platform, offerings, and policies to facilitate compliance with evolving privacy and data security laws and regulations. We post on our website our privacy policies, and we maintain certain other policies and practices relating to data security and concerning our processing, use, and disclosure of personal information. We collect and use aggregated end-user information to develop, provide, and improve our platform and offerings.

Vulnerability Disclosure Policy

If you believe you have discovered a security vulnerability, we encourage you to disclose your discovery to us as quickly as possible.


To participate in our private bug bounty program or learn more about the terms of our program, including our scope, bounties, or safe harbor guarantee, please email [email protected].


Our commitment to security researchers is simple: we will not take action against anyone who reports an issue in a responsible manner. We will do our best to reply to you in a timely fashion and periodically update you on our progress with respect to investigating or remediating any issues you may have identified.

Contacting Security

Please send all general security queries to [email protected]. To encrypt your communications, please use our PGP public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: BCPG C# v1.6.1.0

mQENBGH1O8sBCAC8UKMZqu16FL0mJfR5C/OIENVORhHAqYjQPt5qlse16pnDuVTDD1+p/4/+se+OeTdiI3G4xL8KNVvrwqKaad2FAfVXpyYTFsiFskCjJXusGkYHuNHLfqnwKUsX+Vb3le29ab5Cac7iaRRFe7c98E6EkPJZlY1bXabyGipq130JSdPQotYk+K64/PK7kOP3gyzNg6g/sZgbULqGOItxwl/iPrX7gYn/Rs4UvbG07fNT5q0Qb1GZNVML3jSHcWDgCJnZS+5/ts9HCcDrJQ44TXRgwfh5Lfdyj+gX0G2Mxo7HieolqNf6x7FCDphLr2YJhA4D1vPY7dtACVqRwxr8qKc9ABEBAAG0EHNlY3VyaXR5QDZpeC5jb22JARwEEAECAAYFAmH1O8sACgkQNKpO80HboBHteAgArKdgLv6kfO/gQO4wEuqpC9+VErvOYXctrw+lk9MToz5RcpBsZaTAjbxcoY0PAYJAils+Car3DesldIOGMolY8oC4RBuMOI5RIZ4eoRmus3qq7yUi0JP5lg1rz52zu1YcVqTrn1vqwoRZ4af38Otm89F2rBzuQvw3hUGHTclFOcpe9bah3Y8eCAk9JxVNYjo/Shfnk2ZNw6echo1zseKptq41Mq4HWyOw6riNojMHtuCthZgryKtZyx3K3xn2y868h08W5BLxf3RdgQN8SMZ6Tvat3J0d9dCcIvKgi8QbE55ZB+GRmuYop5RYOmH42NQHKBqKMtmtmNOixqtgfDLWNg===wf/g

-----END PGP PUBLIC KEY BLOCK-----

Get in Touch