Data Security

Last updated: October 3, 2025

Clarivant Data, LLC ("Clarivant") takes the security of our systems and data seriously. This page summarizes the key technical and organizational measures we use to protect BrokerShare and related services.

1. Infrastructure and hosting

• BrokerShare is hosted on reputable, enterprise-grade cloud infrastructure providers.
• All access to the application is enforced over HTTPS (TLS) to protect data in transit.
• Production systems are logically separated from development and test environments.

2. Access controls

• Access to production systems is limited to authorized personnel based on job responsibilities.
• Role-based access controls are used within the application to restrict data access to authorized users from each client organization.
• Strong authentication and password requirements are enforced for user accounts.

3. Data handled by BrokerShare

• BrokerShare primarily uses public regulatory data (e.g., SEC filings) and other non-confidential market information.
• We do not require customer account numbers, consumer personal financial information, or trade-level client PII to provide our analytics.
• User information is typically limited to business contact and login information (e.g., name, work email, employer).

4. Encryption

• Data in transit between users and BrokerShare is encrypted using HTTPS (TLS).
• Our cloud providers offer encryption at rest for storage services used in production.

5. Monitoring and logging

• Access to production systems and application activity is logged and monitored for security and operational purposes.
• We review logs and alerts for unusual or unauthorized activity.

6. Development practices

• Changes to application code are tested before deployment to production.
• We regularly update dependencies and frameworks to incorporate security patches.
• Configuration and secrets (such as API keys) are handled using environment variables and secure storage mechanisms.

7. Vendor management

• We use third-party providers (e.g., cloud hosting, authentication, email) that implement industry-standard security controls.
• Third-party access to data is limited to the minimum necessary to provide their service.

8. Incident response

If we become aware of a security incident affecting the confidentiality, integrity, or availability of our systems or data, we will:

1. Investigate and contain the issue.
2. Take steps to mitigate any potential harm.
3. Notify affected clients in accordance with our contractual and legal obligations.

9. Contact for security and compliance

Clarivant Data, LLC
7315 Wisconsin Avenue, Suite 400
Bethesda, Maryland 20814, United States
Email: compliance@clarivantdata.com