Skip to content

Trust Center

How we protect the data development teams entrust to us.

RealClear handles sensitive information for real estate development teams — property and deal details, and the research we generate from them. This page summarizes our security, privacy, and compliance posture and links to the documents your security team will want. For control-level detail, we can provide a completed security questionnaire, our Data Processing Agreement, and our sub-processor list on request.

At a glance

  • Encryption — TLS 1.2+ in transit; encryption at rest on all data stores.
  • Authentication — argon2id password hashing and multi-factor authentication (TOTP), required for administrative and paid-customer accounts.
  • Tenant isolation— each organization’s data is scoped and separated, verified by an automated cross-tenant test suite.
  • Auditability — an append-only, hash-chained audit log with end-to-end integrity verification.
  • Resilience — automated, retained backups with regular restore testing.

Security

Our infrastructure, access controls, and production change management are described on our Security page. In short: administrative access is least-privilege and reviewed regularly, every change ships through a protected branch and an automated security gate, and security-sensitive changes get an additional adversarial review before release.

Privacy & data handling

We practice data minimization and do not sell personal information. Our Privacy Policy covers what we collect, how we use it, retention, and your data-subject rights (GDPR/CCPA). Our public marketing pages use privacy-conscious analytics; the signed-in product does not run third-party analytics on your account activity.

To generate cited research, we send the necessary property and deal inputs to established model providers. We review each provider’s data-handling terms and limit what we send. We do not make blanket zero-retention or no-training claims; we describe the actual posture on request.

Sub-processors

We publish the third-party providers we rely on and what each one processes. See our sub-processor list. We keep it current and can provide advance notice of material changes to customers under contract.

Compliance

RealClear is actively pursuing SOC 2 Type II readiness. We maintain a documented policy set, a control-environment description, a risk register, and an open remediation backlog. We are not yet SOC 2 certified — we would rather tell you exactly where we are than overstate our posture. If SOC 2 is a hard requirement for your organization, tell us early and we can begin an audit engagement in parallel with onboarding.

Request our security package

For enterprise security review, we can provide a completed security questionnaire, our Data Processing Agreement (DPA), our sub-processor list, policy summaries, and our SOC 2 roadmap. Email security@realclear.ai to request the package, or to report a suspected vulnerability under our responsible disclosure policy.