This is the best response, but remember it's a response to getting caught. They didn't grow a conscience or replace leadership.<p>My company is still taking our business away from Carta, and I don't think anyone's plans should change because they repented after being caught. Things might be different if the CEO stepped down, but he hasn't yet.
I’m CEO of Linear who raised the alarm on this.<p>I have to commend them for making this decision and removing the conflict of interest.<p>However they didn’t address the fact that sales people had convenient access to data and how long & broadly that access was abused.<p>Edit: fixed “Linear CEO” to “CEO of Linear”
To be honest this still seems off.<p>If Carta shows respect for your data and privacy I believe they could still offer an opt-in secondary market, and I can see plenty of companies being interested in participating in it.<p>No one was complaining about the secondary market, they were complaining that Carta was double dipping with their data without consent. This whole post feels like he's just trying to move the goalposts.<p>Ultimately it's about treating customer data with respect, building trust, and operating with transparency. They can't do those things, so they have to shut the whole thing down?<p>Smells funny.
Prior drama: <a href="https://news.ycombinator.com/item?id=38897363">https://news.ycombinator.com/item?id=38897363</a><p>Personally I think it's great that they removed this potential conflict of interest, but the fact that the announced this while conveniently omitting the events that led up to this makes me still distrust them.
Related. Others?<p><i>How We Handle Cap Table Information</i> - <a href="https://news.ycombinator.com/item?id=38906749">https://news.ycombinator.com/item?id=38906749</a> - Jan 2024 (88 comments)<p><i>Linear CEO alleges Carta mishandled sensitive cap table data</i> - <a href="https://news.ycombinator.com/item?id=38899001">https://news.ycombinator.com/item?id=38899001</a> - Jan 2024 (36 comments)<p><i>Carta CEO's response to the unsolicited outreach to their customers' investors</i> - <a href="https://news.ycombinator.com/item?id=38897363">https://news.ycombinator.com/item?id=38897363</a> - Jan 2024 (98 comments)<p><i>Carta doing unsolicited tender offer outreach to their customers' investors</i> - <a href="https://news.ycombinator.com/item?id=38886915">https://news.ycombinator.com/item?id=38886915</a> - Jan 2024 (80 comments)
This is a good move, but still an inadequate response to what originally happened. It’s dogging deep questions about who had access to what data and just how bad the security controls were around startups’ sensitive information. Shutting down this bit of the business doesn’t put folks at ease that their information is still safe with Carta.<p>The Carta CEO has botched the response here multiple times now and this latest pass just comes across as an oops sorry we got caught, we won’t do that anymore response… but still dodging the hard questions on how data was being managed.
There is a lot of patting themselves on the back and no acknowledgement of wrongdoing. They got caught violating trust for an inconsequential revenue stream, at the expense of their biggest revenue stream's customer - so, we'll shut down the conflict.<p>Also, 409a is a conflict of interest, but since it doesn't negatively impact our biggest revenue streams, we'll keep doing it (at the expense of tax revenue).
I thought his responses were terrible and worthy of being fired over the weekend, but I am impressed with his quick action on this. I guess you can put me down as “neutral” towards this person.
Separate of what did or didn’t happen here, I hope more companies crack the secondary market puzzle. The current environment really sucks for startup employee liquidity and might be going on for a lot longer.
So are they spinning the secondary trading business off into a separate company, or shutting it down completely?<p>If they shut it down, their claimed US$8 billion market cap goes poof, doesn't it? Maintaining cap tables as a service can't be good for more than a few million a year in revenue.
When a company says something like:<p>“Fast forward to today, our business is broken down as follows: the captable business is about $250M/year, fund administration is about $100M, private equity is about $20M, and the secondary trading business is about $3M.”<p>Is that assumed to be yearly revenue? Earnings? Something else?
That's nice that they are leaving the secondary trading business. Of course, they can restart that business again.<p>But this all begs two questions:<p>1) Do their legal agreements protect customers sufficiently in terms of use of customer data? I'd argue no. They are a bit of a mess, but very broadly give rights to Carta and its affiliates to use customer data in all sorts of ways. Quite arguably they had every right to do what they did here.<p>2) Legal agreements aside, forget policies on use. How on earth did a CartaX employee get access to Carta customer data?<p>The reality here is that the loose legal restrictions on Carta's use of customer data plus what appears to be loose internal restrictions on employee access to customer data makes me wonder what ELSE they are doing with customer data that we CAN'T so easily see.
I've heard there are some European companies that started to join the equity management game. products like Nimity are bound to respect the EU data protection regulations, so they might be a solution of how to avoid such data breach issues.
BRAVO!!!!<p>Edit: we did just spend 2 days pouring over every negative detail, I don't think this has to be at -5. I will consider it a karmic offering of the karma I got for being negative