Security & Data Governance
Real Intelligence is built on independently audited infrastructure and handles only normalized public-record data.
Built on SOC 2 Type II Certified Infrastructure
Every layer of our stack runs on independently audited infrastructure. We selected providers with institutional-grade security postures so compliance is inherited, not bolted on.
Data Protection at Every Layer
All data is encrypted at rest and in transit. No exceptions, no optional toggles, no plaintext fallbacks.
At Rest
AES-256 encryption on all stored data across database and file storage layers.
In Transit
TLS 1.2+ enforced on all connections. No unencrypted endpoints.
Application Layer
API keys and secrets encrypted at the application layer. Secrets management via provider vaults.
No Plaintext Storage
Zero plaintext credential storage anywhere in the stack. All sensitive values encrypted or hashed.
API Security & Tenant Isolation
Every request is authenticated, rate-limited, and logged. Data isolation is enforced at the database level, not the application level.
API Key Authentication
All endpoints require authenticated API keys. No anonymous access to any data surface.
Per-Key Rate Limiting
Rate limits enforced per API key to prevent abuse and ensure fair resource allocation.
Audit Trails
Request logging on all API calls. Full audit trail of data access by key, endpoint, and timestamp.
Tenant Isolation
Row-level security at the database layer. No cross-tenant data access. Each client sees only their authorized data.
Public Records Only. Zero PII.
Every data point in the Real Intelligence platform originates from publicly available regulatory filings and government records. We do not scrape, we do not buy consumer data, and we do not use third-party data brokers.
- Federal Securities FilingsAnnual and quarterly public company disclosures
- Insurance Regulatory FilingsStatutory financial statements and investment schedules
- State Regulatory RecordsRegulatory filings and financial statements
- Public Property RecordsProperty records and deed transfers
- Corporate Entity RecordsEntity registrations and public filings
- Federal Financial DataInstitutional financial disclosures and public reports
Collect or store personally identifiable information (PII). No names of individuals, no email addresses, no phone numbers, no social security numbers. Entity names come from public corporate records and regulatory disclosures only.
Structure and normalize institutional data from public filings into queryable intelligence. Entity resolution maps corporate structures using public records and regulatory disclosures.
US-Hosted. US-Processed.
All data is stored and processed within the United States. No offshore replication, no cross-border data transfers, no international processing nodes.
What We're Working Toward
Transparency about where we are today and where we are headed. We believe honest disclosure builds more trust than premature claims.
- In Progress
SOC 2 Type II Attestation
Working toward our own independent SOC 2 Type II audit to complement vendor-level certifications.
- Planned
Penetration Testing Program
Formal third-party penetration testing program with recurring assessments.
- Available
Security Questionnaire
Current security questionnaire responses available on request for procurement and compliance teams.
For security questionnaire responses or to discuss specific compliance requirements, contact security@thealpinesystem.com
Have security or compliance questions?
We respond to security questionnaires, RFI requirements, and compliance inquiries directly.