Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Risk Management & Strategy We maintain a cybersecurity risk management program intended to help protect the Fundrise Platform and the information we process, including personal information and other sensitive information, including from investors in the Company and our Investment Products. The program consists of policies and procedures for identifying, assessing, and managing material risks from cybersecurity threats, and we have integrated these policies and procedures into our overall enterprise risk management systems and processes. Through these processes, cybersecurity risks and related mitigations are communicated to appropriate stakeholders and, as necessary, elevated to senior management and our Board. Key elements of our cybersecurity risk management program include: •risk assessments conducted at least annually designed to help identify cybersecurity risks to our information systems and data, including risks that could impact our operations, products and services, customers, and investors; •processes and controls designed to support secure access to systems and data, including identity and access management controls, including role-based access, multi-factor authentication, and periodic access reviews designed to enforce the principle of least privilege; •monitoring, logging, and detection processes intended to help identify anomalous activity and cybersecurity events; •vulnerability management processes designed to identify, prioritize, and remediate security vulnerabilities, including the use of automated scanning tools, periodic penetration testing, patch management, and secure configuration practices; •security awareness training for employees; •incident response processes that include procedures for identifying, assessing, escalating, responding to, remediating, and recovering from cybersecurity incidents and that are coordinated with business continuity and disaster recovery planning; and •a risk management process intended to evaluate and manage cybersecurity risks associated with service providers, vendors, and other third parties. We use third-party service providers and technology vendors in our operations, including for certain information technology and cloud-based services. We maintain processes designed to identify, review, and evaluate cybersecurity risks associated with our use of third parties, which may include risk-based due diligence, review of security documentation, assessment of controls where appropriate, and contractual requirements related to cybersecurity, depending on the nature of the service and the sensitivity of the information involved. We may also engage external advisors, consultants, auditors, and other third-party specialists from time to time to assist with aspects of our cybersecurity program, including assessments, testing, and incident response support. Based on our assessments, we have not identified any cybersecurity incident that has had a material impact on, or that we expect will have a material impact on, our operations, business strategy, results of operations, or financial condition. However, cybersecurity threats are continually evolving and may become more sophisticated and effective over time, and we may incur costs or experience harm in connection with cybersecurity incidents. Additional information on cybersecurity risks is included in Item 1A, Risk Factors in this Annual Report.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We maintain a cybersecurity risk management program intended to help protect the Fundrise Platform and the information we process, including personal information and other sensitive information, including from investors in the Company and our Investment Products. The program consists of policies and procedures for identifying, assessing, and managing material risks from cybersecurity threats, and we have integrated these policies and procedures into our overall enterprise risk management systems and processes. Through these processes, cybersecurity risks and related mitigations are communicated to appropriate stakeholders and, as necessary, elevated to senior management and our Board. Key elements of our cybersecurity risk management program include: •risk assessments conducted at least annually designed to help identify cybersecurity risks to our information systems and data, including risks that could impact our operations, products and services, customers, and investors; •processes and controls designed to support secure access to systems and data, including identity and access management controls, including role-based access, multi-factor authentication, and periodic access reviews designed to enforce the principle of least privilege; •monitoring, logging, and detection processes intended to help identify anomalous activity and cybersecurity events; •vulnerability management processes designed to identify, prioritize, and remediate security vulnerabilities, including the use of automated scanning tools, periodic penetration testing, patch management, and secure configuration practices; •security awareness training for employees; •incident response processes that include procedures for identifying, assessing, escalating, responding to, remediating, and recovering from cybersecurity incidents and that are coordinated with business continuity and disaster recovery planning; and •a risk management process intended to evaluate and manage cybersecurity risks associated with service providers, vendors, and other third parties.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Governance & Oversight Our Board considers cybersecurity risk as part of its risk oversight function and oversees management’s implementation and maintenance of our cybersecurity risk management program. Board members receive periodic updates from management regarding cybersecurity matters. These updates may include information regarding the cybersecurity threat environment, key risk areas and mitigation initiatives, results of risk assessments or testing activities (as applicable), incident response preparedness, and cybersecurity incidents, including management’s assessment of potential impacts and remediation efforts. Management is responsible for the day-to-day assessment and management of cybersecurity risk and for implementing and maintaining our cybersecurity risk management program. Our Chief Technology Officer (“CTO”), who reports directly to the CEO, leads the Company’s cybersecurity function, including the supervision of our internal cybersecurity personnel and external cybersecurity providers, as well as overseeing cybersecurity policies, standards, and controls; coordinating cybersecurity efforts across relevant functions; overseeing third-party cybersecurity risk management; and maintaining incident response and recovery processes. Our CTO has over 15 years of experience at the Company and managing and leading the IT and engineering teams. Prior to joining Fundrise, our CTO also consulted for Fortune 500 companies in financial services and technology as well as departments of the government. He has a Bachelor of Science in Computer Science Engineering from the University of Pennsylvania. We maintain escalation pathways and incident response procedures designed to ensure that cybersecurity incidents and potentially significant cybersecurity events are evaluated promptly and escalated to appropriate stakeholders, including senior management and the Board, as appropriate. Depending on the facts and circumstances, this process may include convening a cross-functional incident response team with representatives from information security and technology, legal and compliance, risk management, finance, and communications. Our incident response processes include procedures designed to support timely assessment of materiality for disclosure purposes, including consideration of relevant quantitative and qualitative factors, such as the nature, scope, and duration of an incident; potential impact on operations; potential financial impacts; potential legal or regulatory exposure; and potential reputational harm and effects on customer and third-party relationships.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board considers cybersecurity risk as part of its risk oversight function and oversees management’s implementation and maintenance of our cybersecurity risk management program. Board members receive periodic updates from management regarding cybersecurity matters. These updates may include information regarding the cybersecurity threat environment, key risk areas and mitigation initiatives, results of risk assessments or testing activities (as applicable), incident response preparedness, and cybersecurity incidents, including management’s assessment of potential impacts and remediation efforts. Management is responsible for the day-to-day assessment and management of cybersecurity risk and for implementing and maintaining our cybersecurity risk management program. Our Chief Technology Officer (“CTO”), who reports directly to the CEO, leads the Company’s cybersecurity function, including the supervision of our internal cybersecurity personnel and external cybersecurity providers, as well as overseeing cybersecurity policies, standards, and controls; coordinating cybersecurity efforts across relevant functions; overseeing third-party cybersecurity risk management; and maintaining incident response and recovery processes.
|
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board considers cybersecurity risk as part of its risk oversight function and oversees management’s implementation and maintenance of our cybersecurity risk management program. Board members receive periodic updates from management regarding cybersecurity matters. These updates may include information regarding the cybersecurity threat environment, key risk areas and mitigation initiatives, results of risk assessments or testing activities (as applicable), incident response preparedness, and cybersecurity incidents, including management’s assessment of potential impacts and remediation efforts.
|
| Cybersecurity Risk Role of Management [Text Block] | Management is responsible for the day-to-day assessment and management of cybersecurity risk and for implementing and maintaining our cybersecurity risk management program. Our Chief Technology Officer (“CTO”), who reports directly to the CEO, leads the Company’s cybersecurity function, including the supervision of our internal cybersecurity personnel and external cybersecurity providers, as well as overseeing cybersecurity policies, standards, and controls; coordinating cybersecurity efforts across relevant functions; overseeing third-party cybersecurity risk management; and maintaining incident response and recovery processes. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our Chief Technology Officer (“CTO”), who reports directly to the CEO, leads the Company’s cybersecurity function, including the supervision of our internal cybersecurity personnel and external cybersecurity providers, as well as overseeing cybersecurity policies, standards, and controls; coordinating cybersecurity efforts across relevant functions; overseeing third-party cybersecurity risk management; and maintaining incident response and recovery processes. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CTO has over 15 years of experience at the Company and managing and leading the IT and engineering teams. Prior to joining Fundrise, our CTO also consulted for Fortune 500 companies in financial services and technology as well as departments of the government. He has a Bachelor of Science in Computer Science Engineering from the University of Pennsylvania. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Management is responsible for the day-to-day assessment and management of cybersecurity risk and for implementing and maintaining our cybersecurity risk management program. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |