Security

How Brokerlytics handles your most sensitive deal documents.

Last updated: March 2025

Architecture Overview

Brokerlytics was designed from the ground up to minimize data exposure. M&A documents are among the most sensitive pre-public corporate materials that exist. Our pipeline is intentionally ephemeral — no files are ever stored, and no database holds your deal content.

How Your Documents Are Handled

1

PDF parsing happens in your browser

When you upload a PDF, the file is parsed locally on your device using a JavaScript library (pdfjs-dist). The raw PDF — with all its metadata, formatting, and binary data — never leaves your browser and is never transmitted to our servers.

2

Only extracted text is transmitted

Only the extracted plain text is sent to our API over an encrypted HTTPS (TLS) connection. The request is authenticated — unauthenticated requests are rejected before any processing occurs.

3

AI analysis via Anthropic

Document text is sent to Anthropic’s Claude API for deal term extraction. Each document is analyzed in an isolated API call — there is no shared context between documents or between users. We are in the process of establishing Zero Data Retention (ZDR) with Anthropic, which would mean content is not retained by Anthropic after the API call completes.

4

Results delivered, nothing retained

The comparison matrix is generated and returned directly to your browser as a downloadable Excel file. Once the response is sent, all document content is discarded from memory. Nothing is written to disk or stored in a database.

Infrastructure

  • Hosted on Vercel (enterprise-grade infrastructure with SOC2 Type II certification)
  • All traffic served over HTTPS with TLS 1.2+
  • Authentication managed by Clerk (SOC2 Type II certified)
  • Payment processing by Stripe (PCI DSS Level 1 certified)
  • No proprietary database — usage metadata only, stored in Clerk account records

What We Do Not Do

  • We do not store your documents
  • We do not log document content in server logs
  • We do not share document content with third parties beyond Anthropic for processing
  • We do not train models on your data

Responsible Disclosure

If you discover a security vulnerability in Brokerlytics, please report it to security@brokerlytics.io. We will respond promptly and work with you to address any confirmed issues.