Security is foundational to RealClear AI. We apply industry-standard controls across our infrastructure, data handling, and engineering practices. This page summarizes our current security posture and roadmap.

Infrastructure

RealClear AI is hosted on Amazon Web Services (AWS), one of the world’s most widely used and audited cloud platforms. All data is encrypted in transit using TLS 1.2 or higher, and all data at rest is encrypted using AES-256. Our infrastructure is deployed within private virtual networks with strict ingress and egress rules. We use managed services with automatic security patching where available.

Data Handling

We practice minimal data collection. We do not store client documents or uploaded files beyond the duration of an active session unless you explicitly save them to your account. Waitlist and account data (email addresses, usage metadata) is stored with appropriate access controls and is never sold to third parties.

Analytical queries submitted to the platform are processed ephemerally and are not retained in identifiable form after a session ends, except as required for audit logging or legal compliance.

Compliance Roadmap

RealClear AI is actively working toward formal compliance certifications as the platform scales:

SOC 2 Type II — planned audit engagement as we onboard enterprise customers.
CCPA / GDPR — privacy controls and data subject rights processes are in place today. See our Privacy Policy for details.
HTTPS everywhere — all endpoints are served over HTTPS with HSTS enforced.

Access Control

Access to production systems and customer data is restricted to authorized RealClear personnel on a need-to-know basis (principle of least privilege). We use role-based access control (RBAC) for all internal systems, with multi-factor authentication required for all team members with production access. Access rights are reviewed quarterly and revoked promptly upon employee offboarding.

AI Model Security

Queries submitted to RealClear AI are not used to train underlying AI models. We use abstraction layers between our application and AI model providers, which allows us to enforce data handling contracts, rotate providers if security issues arise, and prevent query data from being used for third-party model improvement without explicit consent. We review the security practices of all AI infrastructure providers before integration.

Responsible Disclosure

We appreciate the work of security researchers and the broader community in helping keep our platform safe. If you discover a potential vulnerability in RealClear AI, please report it responsibly to security@realclear.ai.

Please include a description of the issue, steps to reproduce, and any relevant screenshots or proof-of-concept. We will acknowledge receipt within 2 business days, investigate promptly, and keep you informed of our progress. We do not pursue legal action against researchers who act in good faith under this policy.