Security & Compliance

What we've built.
What we're building.

This page is written for IT and compliance teams reviewing ValixData as a vendor. We've tried to be honest about what exists now and what is on our roadmap — because a vendor who overstates their security posture is worse than no vendor at all.

Current certification status

Where we are today. We don't claim certifications we don't have.

HTTPS / TLS 1.3 (Live)
All traffic encrypted in transit. HSTS enforced. Certificate transparency monitoring active.
Encryption at rest (Live)
All stored data encrypted at rest. Passwords hashed with bcrypt. API keys hashed, never stored plaintext.
Zero retention on ARIA (Live)
Conversation sessions are ephemeral. No ARIA query logging. No behavioral profiling. Independently verifiable.
SOC 2 Type II (In progress)
Audit preparation underway. Estimated completion Q3 2025. Current controls documented and available for review.
Penetration testing (In progress)
First formal third-party pen test scheduled. Results shared under NDA on request.
ISO 27001 (Planned)
Planned following SOC 2 completion. Frameworks are aligned — control set overlaps significantly.

Security controls in place

What is implemented and verifiable today.

Session isolation — each user session is independent
No shared session state. Sessions expire on logout. Session tokens are not reused.
Directory access controls on all data files
.htaccess deny-all on all data directories. Web server cannot serve raw data files directly.
No third-party tracking or advertising pixels
No Google Analytics, Meta Pixel, or any third-party analytics SDK on the platform. Verifiable by inspecting network requests.
API key authentication with rate limiting
All API endpoints require authentication. Rate limiting enforced per key. Keys can be revoked instantly.
Anthropic API — zero training on user data
ARIA runs on Anthropic's API under enterprise terms that explicitly prohibit training on user queries. Anthropic's enterprise data processing commitments apply.
Document analysis in-session only
Uploaded documents are analyzed in memory during the session. No document storage on our servers. Nothing persists after logout.
Payment data handled entirely by Stripe
ValixData never sees, processes, or stores card data. Stripe is PCI DSS Level 1 certified. We store only a Stripe customer ID.
Access logging and anomaly detection
Server-level access logging active. Anomaly detection tooling being formalized. SIEM integration planned Q2 2025.
Formal incident response plan
Incident response runbook drafted. Breach notification process in place. Formal IR retainer planned Q2 2025.

SOC 2 readiness roadmap

Our path to Type II certification. Updated quarterly.

Q4 2024 | Gap analysis against SOC 2 Trust Service Criteria | Complete
Q1 2025 | Control documentation and evidence collection | Active
Q1 2025 | Third-party penetration test | Scheduled
Q2 2025 | SIEM implementation and access review process | Planned
Q2 2025 | Formal vendor risk assessments for sub-processors | Planned
Q3 2025 | SOC 2 Type II audit begins (12-month observation window) | Planned
Q3 2026 | SOC 2 Type II report issued | Planned

If your firm requires SOC 2 before onboarding, we can provide current control documentation, a security questionnaire response, and a pre-audit readiness summary under NDA. Use the IT review request form below.

Is ARIA output considered investment research?

The compliance question that matters most to regulated firms.

ARIA does not make investment recommendations
ARIA's system prompt explicitly prohibits giving investment advice, buy/sell recommendations, or price targets. Outputs are structured analytical context, not research in the regulatory sense.
NOVA briefs are labeled synthesized intelligence, not research
Every brief item carries a synthesized data disclosure. Outputs are explicitly framed as context for human judgment, not conclusions. "Human judgment leads" is built into every prompt.
ValixData is not a registered investment adviser
We do not provide personalized investment advice. The platform provides structured intelligence tools for professionals who make their own decisions. We are not subject to investment adviser registration requirements as a result of the platform's design.
Formal regulatory opinion letter available on request
We are preparing a formal securities counsel opinion on the regulatory classification of ARIA outputs. Available to enterprise clients under NDA. Contact .

Documentation for your IT team

Documents we can provide for a vendor assessment review.

Data Processing Agreement (DPA template)

Our standard DPA governing how ValixData processes data on behalf of your firm. Covers sub-processors, data subject rights, breach notification, and GDPR/CCPA compliance terms. Enterprise clients can negotiate custom DPA terms.

Request DPA →

Security questionnaire response

Pre-filled responses to the CAIQ (Cloud Security Alliance Consensus Assessment Initiative Questionnaire) and standard vendor security questionnaires. Covers data handling, access controls, incident response, business continuity, and sub-processor inventory.

Request questionnaire →

Sub-processor list

A complete list of third-party processors that may handle user data on ValixData's behalf — including Anthropic (AI processing), Stripe (billing), and our hosting infrastructure provider. Current as of this page's last update.

Request sub-processor list →

Submit an IT review request

If your firm needs a formal vendor assessment before approving ValixData, start here. We'll respond within two business days.

IT & compliance review request

We respond to all IT review requests within two business days. Complex enterprise reviews may require an NDA prior to sharing detailed documentation.

Security questions: Contact Us · Last updated April 20, 2026 · What we keep → · Enterprise →